Forbidden Name Function



ajloun
09-16-2009, 07:13 AM
Hello

First, I'm sorry for asking so many questions, but my project is almost done. I have a little problem.

I have a posting forum. The visitor can type a name, write his comment and send it.

What I tried to do is ban visitors from choosing some names. Some of them use a nick such as Webmaster, admin, etc.

I could use something easy like this to stop them.

$name = $_POST['name'];
// The name must be a quoted string; a bare word is read as a constant
if ($name == 'Admin') {
    echo "U Cant use this name";
}

But I wanted it more flexible, so I tried MySQL.

CREATE TABLE `userid` (
`us_id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`user` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `us_id` )
);

Then the function.

function forbiden_name($name)
{
    $query = mysql_query("SELECT * FROM `userid` WHERE `userid`.`user` = '$name' LIMIT 0 , 1 ")or die(mysql_error());
    $isset = mysql_affected_rows();
    if($isset > 0)
    {
        @mysql_free_result($query);
        return false;
    }
    else
    {
        return true;
    }
    @mysql_free_result($query);
}

And now this is the name check: length, or if it's empty.


// Reject names shorter than 10 or longer than 20 characters
if ( strlen($_POST["name"]) < 10 ){
    redirect_header($sReferPage . "/index.php" , 3, _MD_MSGNAMEINS);
} else if (strlen($_POST["name"]) > 20) {
    redirect_header($sReferPage . "/index.php" , 3, _MD_MSGENAMEINS_LONG);
}



Under the name check I placed the bad name function check like this:


// Deny bad name
$name = addslashes(trim($_POST['name']));
if (forbiden_name($name))
{

    // the comment check code here ..

    // else stuff if the name is not allowed
}
else
{

    echo "This Name Not allowed" ;
}


Now when I test by posting a comment with a forbidden name, I get the message that the name is not allowed, but then "Thank you for posting" and the comment is accepted.

What have I done wrong? Please tell me if you know.

thx

SKDevelopment
09-16-2009, 09:18 AM
function forbiden_name($name)
{
    $query = mysql_query("SELECT * FROM `userid` WHERE `userid`.`user` = '$name' LIMIT 0 , 1 ")or die(mysql_error());
    $isset = mysql_affected_rows();
    if($isset > 0)
    {
        @mysql_free_result($query);
        return false;
    }
    else
    {
        return true;
    }
    @mysql_free_result($query);
}

1. In the function forbiden_name() you are trying to check how many rows have been affected with mysql_affected_rows(). mysql_affected_rows() shows how many rows have been affected on the last INSERT, UPDATE, REPLACE or DELETE query. Do not use it with SELECT. What you meant here instead was mysql_num_rows() (http://php.net/mysql_num_rows) I think.

2. If $isset > 0 you use mysql_free_result() twice - first in the if-block and then at the end of the function.

3. Please show the code where "Thank you for Posting and the Comment accepted" is output. I think it should be in the condition
if (forbiden_name($name))
if-block...


$name = mysql_real_escape_string($name);
if (forbiden_name($name))
{
echo "Thank you for Posting and the Comment accepted";
}
else
{
echo "This Name Not allowed" ;
}

in case `userid`.`user` contains the list of forbidden names and the function forbiden_name() returns false if the name is forbidden and true otherwise (I followed the logic of your function but I think it could be possibly more intuitively clear if you changed the function to return true if the name was forbidden and false otherwise).
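
An added example, not code from either poster: the same forbidden-name check written with a bound query parameter instead of addslashes() or mysql_real_escape_string(), returning true when the name is forbidden, and returning early so a rejected post is never stored. It assumes PDO with an in-memory SQLite database standing in for the MySQL `userid` table; the function names `is_forbidden_name` and `handle_comment` and the sample names are constructed for illustration.

```php
<?php
// Added example: constructed data, hypothetical function names.
// SQLite in memory stands in for the MySQL `userid` table from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userid (us_id INTEGER PRIMARY KEY AUTOINCREMENT, user VARCHAR(255) NOT NULL)');
$db->exec("INSERT INTO userid (user) VALUES ('admin'), ('webmaster')");

// Returns true when the name IS on the forbidden list.
function is_forbidden_name(PDO $db, string $name): bool
{
    // Bound parameter: the name never becomes part of the SQL text,
    // so no manual escaping step is needed. LOWER() makes "Admin" match "admin".
    $stmt = $db->prepare('SELECT 1 FROM userid WHERE LOWER(user) = LOWER(:name) LIMIT 1');
    $stmt->execute([':name' => trim($name)]);
    // fetchColumn() returns false when the SELECT matched no row.
    return $stmt->fetchColumn() !== false;
}

// Returns the message to show; the comment is stored only on the accept path.
function handle_comment(PDO $db, string $name, string $comment, array &$stored): string
{
    if (is_forbidden_name($db, $name)) {
        return 'This name is not allowed';   // stop here: nothing below runs
    }
    $stored[] = [$name, $comment];           // stand-in for the real INSERT
    return 'Thank you for posting';
}

// Constructed inputs: two forbidden variants, one name containing quotes, one ordinary name.
$stored = [];
foreach (['Admin', ' webmaster ', "x' OR '1'='1", 'ajloun'] as $name) {
    printf("%-16s => %s\n", var_export($name, true), handle_comment($db, $name, 'hello', $stored));
}
printf("%d comment(s) stored\n", count($stored));
```

The name containing quotes is compared as a literal string and simply does not match any forbidden entry; it cannot change the query.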