...

View Full Version : Forbidden Name Function



ajloun
09-16-2009, 08:13 AM
Hello

First i'm Sorry for too much Quastion i have asked , but my project almost Done .. I have Little Problem .

Now . I have A posting Forum . The Visitor Can tyep a Name and write His Comment and Send ..

What i tried to do is Ban the Visitors from Chosen Some Names .. Some they Use Nick as Webmaster ., admin .. etc

I coud use somthing easy like this to stop them.

$name = $_POST ['name'];
if ($name == Adminl){
echo "U Cant use this name";
}

But i wanted it More Flexable so i tried Mysql .

CREATE TABLE `userid` (
`us_id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`user` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `us_id` )
);

then the Function.

function forbiden_name($name)
{
$query = mysql_query("SELECT * FROM `userid` WHERE `userid`.`user` = '$name' LIMIT 0 , 1 ")or die(mysql_error());
$isset = mysql_affected_rows();
if($isset > 0)
{
@mysql_free_result($query);
return false;
}
else
{
return true;
}
@mysql_free_result($query);
}

and Now this is the Name Check .. length or if its embty


if ( strlen($_POST["name"]) < 10 ){
redirect_header($sReferPage . "/index.php" , 3, _MD_MSGNAMEINS);
} else if (strlen($_POST["name"]) > 20) {
redirect_header($sReferPage . "/index.php" , 3, _MD_MSGENAMEINS_LONG);



Under the name check i placed the Bad Name Function Check like this


//Deny Bad name
$name = addslashes(trim($_POST['name']));
if (forbiden_name($name))
{

// the Comment check Code here ..

///els stuff if the name is not allowed
}
else
{

echo "This Name Not allowed" ;
}


Now when i test by posting comment with Forbidden name , I get the message the Name not Allowed , but then Thank you for Posting and the Comment accepted ..

Wht is wrong have i Done , Please Tell me if you know

thx

SKDevelopment
09-16-2009, 10:18 AM
function forbiden_name($name)
{
$query = mysql_query("SELECT * FROM `userid` WHERE `userid`.`user` = '$name' LIMIT 0 , 1 ")or die(mysql_error());
$isset = mysql_affected_rows();
if($isset > 0)
{
@mysql_free_result($query);
return false;
}
else
{
return true;
}
@mysql_free_result($query);
}
1. In the function forbiden_name() you are trying to check how many rows have been affected with mysql_affected_rows(). mysql_affected_rows() shows how many rows have been affected on the last INSERT, UPDATE, REPLACE or DELETE query. Do not use it with SELECT. What you meant here instead was mysql_num_rows() (http://php.net/mysql_num_rows) I think.

2. If $isset > 0 you use mysql_free_result() twice - first in the if-block and then at the end of the function.

3. Please show the code where "Thank you for Posting and the Comment accepted" is output. I think it should be in the condition
if (forbiden_name($name))
if-block...


$name = mysql_real_escape_string($name);
if (forbiden_name($name))
{
echo "Thank you for Posting and the Comment accepted";
}
else
{
echo "This Name Not allowed" ;
}

in case `userid`.`user` contains the list of forbidden names and the function forbiden_name() returns false if the name is forbidden and true otherwise (I followed the logic of your function but I think it could be possibly more intuitively clear if you changed the function to return true if the name was forbidden and false otherwise).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum