Minimeallolla Posted November 18, 2010 Share Posted November 18, 2010 im trying to make it so before it inserts the comment and username into the database it check if the username is active: 0 or 1. if it is 0 then die but if active then its all good lol. what i have now lets anybody comment. to me it looks perfect ? =[ if (isset($_POST['submit'])) { $check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 1) { die('You are Not allowed to comment untill your account is activated.'); }else{ $comment = mysql_real_escape_string(stripslashes(trim($_POST['comment']))); $insert = "INSERT INTO homecomments (username, comment) VALUES ('[$username]', '[$comment]')"; $add_member = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">"; } } } Link to comment Share on other sites More sharing options...
seanlim Posted November 18, 2010 Share Posted November 18, 2010 $check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error()); this line should be changed to include the username. you will want the database to fetch only the record of the username if it is active. your current statement will fetch ALL records with active='1' if you are using sessions for the login, it'll be something along the lines of: $check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='".mysql_real_escape_string($_SESSION['username'])."'") or die(mysql_error()); Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.