• need help with IF statement php
    10 replies, posted
im trying to make it so before it inserts the comment and username into the database it check if the username is active: 0 or 1. if it is 0 then die but if active then its all good lol. what i have now lets anybody comment. to me it looks perfect ? =[ [code] if (isset($_POST['submit'])) { $check = mysql_query("SELECT active FROM users WHERE active ='1'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 1) { die('You are Not allowed to comment untill your account is activated.'); }else{ $comment = mysql_real_escape_string(stripslashes(trim($_POST['comment']))); $insert = "INSERT INTO homecomments (username, comment) VALUES ('[$username]', '[$comment]')"; $add_member = mysql_query($insert); { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">"; } } } [/code]
[php] { echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">"; } [/php] What are you doing? [editline]18th November 2010[/editline] [url]http://php.net/manual/en/function.header.php[/url]
well it works \=
[QUOTE=Minimeallolal;26132143]well it works \=[/QUOTE] Why is it wrapped in {'s?
I guess you need something like this. Reformatted the code with proper tab and bracket structure, made the variable in the SQL more visible etc. [code]if (isset($_POST['submit'])) { $check = mysql_query("SELECT `active` FROM `users` WHERE `active` = '1'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 !== 1) { die('You are Not allowed to comment untill your account is activated.'); } else { $comment = mysql_real_escape_string($_POST['comment']); // I assume you have $username defined somewhere.. $insert = "INSERT INTO `homecomments` (`username`, `comment`) VALUES ('" . $username . "', '" . $comment . "')"; $add_member = mysql_query($insert); header('Location: index.php'); die(); } }[/code]
Well for a start you're using !== for "Does not equal" when it's just != Here's a list of operators. [url]http://www.w3schools.com/PHP/php_operators.asp[/url]
Well, the $check MySQL statement is selecting all active users (so you're basically getting the amount of active users). You want to check if the current user is active, right? [code]$check = mysql_query("SELECT `active` FROM `users` WHERE `active` = '1' AND `username` = '$username'") or die(mysql_error());[/code] You may want to escape the username, too.
[QUOTE=PieClock;26136560]Well for a start you're using !== for "Does not equal" when it's just !=[/QUOTE] !== is a strict comparison. [code]0 != FALSE[/code] will be FALSE [code]0 !== FALSE[/code] will be TRUE Using two equals in !== (or 3 equals in ===) does a match against the type, as well as the actual value.
[QUOTE=PieClock;26136560]Well for a start you're using !== for "Does not equal" when it's just != Here's a list of operators. [url]http://www.w3schools.com/PHP/php_operators.asp[/url][/QUOTE] [url]http://php.net/manual/en/language.operators.comparison.php[/url]
I stand corrected.
-solved-
Sorry, you need to Log In to post a reply to this thread.