derekshull Posted October 17, 2012 Share Posted October 17, 2012 I have a piece of code that I'm not sure why it isn't right. I have a list of names in a SQL table and I want to see if the current username matches any of the usernames in the list and if not redirect it to another page. Here's what I have: global $user; $username = $user->name; $query = mysql_query("SELECT submittedusername FROM org"); $rows = mysql_fetch_array($query); If ($rows != $username) { $yquery = drupal_get_destination(); drupal_goto('/node/registerfirst',$yquery); } Where an i going wrong? Quote Link to comment Share on other sites More sharing options...
Jessica Posted October 17, 2012 Share Posted October 17, 2012 Why don't you just do the query to select that username from the table, rather than selecting all and processing them? You're making this way harder than it is. Quote Link to comment Share on other sites More sharing options...
derekshull Posted October 17, 2012 Author Share Posted October 17, 2012 How would I do that? Not sure what you are saying. Use just SQL to call it and see if it's in there? So: global $user; $username = $user->name; $query = mysql_query("SELECT submittedusername FROM org WHERE submittedusername = '$username'"); but this how would I do "if username isn't in the database redirect to different page" Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted October 17, 2012 Share Posted October 17, 2012 This is the logic that would probably be good for you, IMHO. $query = "SELECT COUNT(1) FROM table WHERE field = '$value'"; $result = mysql_query( $query ); $array = mysql_fetch_row( $result ); if( $array[0] === 1 ) { // name in in DB only once, as it should be. } else { if( $array[0] === 0 ) { // name was not found } if( $array[0] > 1 ) { // name appears more than once, indicating data problems } } Quote Link to comment Share on other sites More sharing options...
Christian F. Posted October 17, 2012 Share Posted October 17, 2012 Do note that you need to validate the input, if the username comes from the user. This is typically done with the ctype_* () functions or Regular Expressions. You'll also need to escape the output, to prevent SQL injections. This is done with mysqli::real_escape_string (). PS: You should move away from the old and outdated mysql library, and use the new and up-to-date mysqli (for "improved") library or PDO. Both of them are explained in detail in the PHP manual. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.