Programming Forums > Web Development and Design > PHP

KyrinComaBlack · Feb 6th, 2006, 1:37 AM

I am having trouble with the banning of a member. Everything works correctly except for the ban reason. I have set up everything correctly and have the info in order as in phpmyadmin. And I get everything correctly done except for the ban reason doesn't seem to want to be inserted into the table. I have check with print_r($reason); and it is insert into it but when I take it off it doesn't get insert into it and this is getting annoying.

[PHP]
<?php
############################################
############################################
## user.php
##
##
##
##
############################################
############################################

############################################
##Required Files
############################################
require("../backend/config.php");
require("../backend/constants.php");
require("../backend/session.php");
session_start();
############################################
##Header
############################################
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Control Panel - Users</title>
<style type="text/css">
body{
background-color:#000000;
color:#FFFFFF;
}
</style>
</head>
<body>

<?php
############################################
##Ban User
############################################
$user = $_POST['username'];
$reason = $_POST['reason'];
$time = time();

if(isset($_POST['submit'])){

$q = "SELECT * FROM user WHERE username='$user'";
mysql_query($q);

if(!$q){
die("<center><font color=\"#FF0000\">Error on selecting user</font></center>");
}

if($user == $q){ //Checks to see if user name that is entered is blank
die("<font color=\"#FF0000\">Username is blank!</font><br>\n");
}elseif(preg_match('/^[A-z0-9]{1,30}$/', $user) == $user){ //Checks to see if the user input invalid characters into the text box
die("<font color=\"#FF0000\">Username must only contain letters and numbers!</font><br>\n");
}

/*
if($bandays == ''){
print("<font color=\"#FF0000\">The number of ban days is empty</font><br>\n");
}elseif(preg_match('^/[0-9]{1,3}$/', $user) == $user){
print("<font color=\"#FF0000\">The number of ban days must only contain numbers!</font><br>\n");
}*/

if($reason == ''){
die("<font color=\"#FF0000\">A reason is need to tell the user why he is banned</font><br>\n");
}elseif(strlen($user) > 255){
die("<font color=\"#FF0000\">Your reason is more than the 500 character limit please reduce the reason!</font><br>\n");
}elseif(preg_match('/^[A-Za-z0-9]{1,500}$/', $reason) == $reason){
die("<font color=\"#FF0000\">The reason must only contain letters and numbers!</font><br>\n");
}

$q1 = "UPDATE user SET memlev='-1' WHERE username='$user' LIMIT 1";
mysql_query($q1);

if(!q1){
die(mysql_error());
}

$q2 = "INSERT INTO user(username, ban_reason, timestamp) VALUES('$user', '$reason', '$time')";
mysql_query($q2);

if(!q2){
die(mysql_error());
}
}
if($_REQUEST['do'] == 'ban'){
?>
<form name="banning" action="<?php echo "{$_SESSION['PHP_SELF']}"; ?>" method="post">
<table width="699" align="center" border="0" cellspacing="0" cellpadding="0">
<tr align="center">
<td align="center" colspan="2" bgcolor="#3300FF"><b><font color="#FFFFFF">Ban User</font></b></td>
</tr>
<tr align="left">
<td width="341" height="29" align="left" valign="top" bgcolor="#3399FF"><font color="#FFFFFF">Username</font></td>
<td width="348" align="left" valign="top" bgcolor="#3399FF"><input type="text" name="username" maxlength="32" size="25" /></td>
</tr>

<tr align="left">
<td width="341" height="29" align="left" valign="top" bgcolor="#3300FF"><font color="#FFFFFF">Reason To Ban</font></td>
<td width="348" align="left" valign="top" bgcolor="#3300FF"><input type="text" name="reason" maxlength="500" size="50" /></td>
</tr>
<tr align="center">
<td align="center" colspan="2" valign="top" bgcolor="#3399FF"><input type="submit" name="submit" value="Submit" /><input type="reset" value="Reset" /></td>
</tr>
</table>
</form>
<?php
}
###########################################
##Footer
###########################################
?>
</body>
</html>
[/PHP]

I know I have a weird way of coding so i know about the strange things in it :banana:

rsnd · Feb 6th, 2006, 6:08 AM

I think I see the problem. After the line " mysql_query($q); "...$q is still a string pointing to "SELECT * FROM user WHERE username='$user'"...how can it possibly check "to see if user name that is entered is blank" as you are comparing your sql query to username...and not its results. Way before that !q is always true as it points to somewhere. You should be doing it to the resouce it returns and not the query itself. I dont think you understand how mysql extension works with php. I'd recommand you downloading the php mannual and read the relevent mysql section. Or you can see it online on http://www.php.net/ You might also want to look at examples in relevent sections. May help you understand faster.

DaWei · Feb 6th, 2006, 8:08 AM

As rsnd says, your code is just all garffled up. Put this in your bookmarks or on your button bar, wherever you can get to it with just a click. Refer to it when you write the code. You might also get a good book. One is PHP and MySQL by Williams and Lane.

(Toggle Plain Text)

resource mysql_query ( string query [, resource link_identifier] )

mysql_query() sends a query (to the currently active database on 
the server that's associated with the specified link_identifier).

Parameters

query:
      A SQL query
    The query string should not end with a semicolon. 
link_identifier:
    The MySQL connection. If the link identifier is not specified, 
the last link opened by mysql_connect() is assumed. If no such 
link is found, it will try to create one as if mysql_connect() was 
called with no arguments. If by chance no connection is found 
or established, an E_WARNING level warning is generated.

Return Values:
    For SELECT, SHOW, DESCRIBE or EXPLAIN statements, 
   mysql_query() returns a resource on success, or FALSE on error.

    For other type of SQL statements, UPDATE, DELETE, DROP, etc,
    mysql_query() returns TRUE on success or FALSE on error.

KyrinComaBlack · Feb 6th, 2006, 7:02 PM

nevermind i got it working im such a klutz. Heres what I did wrong. I was insert info into it like it was just insert instead of updating the username thingymabob.

so heres what I fixed

[php]
$q3 = "UPDATE user SET ban_reason='$reason', timestamp='$time' WHERE username='$user'";
$result = mysql_query($q3) or die(mysql_error());
[/php]

instead of
[php]
$q3 = "INSERT INTO user('ban_reason, 'time') VALUES('$reason', '$time')";
$result = mysql_query($q3) or die(mysql_error());
[/php]

DaWei · Feb 6th, 2006, 7:09 PM

(Toggle Plain Text)

    $user_lookup = "SELECT * FROM user WHERE username='$user'";
    $result = mysql_query($user_lookup) or die("Couldn't lookup username!");

Here you are making the query. The results of the query are in $result. Where, pray tell, are you LOOKING at the result to SEE if it worked. The next operation I see on $result is to destroy it with another query. You seem to be missing a very basic concept. Have you actually read the books?

KyrinComaBlack · Feb 6th, 2006, 7:24 PM

i got it fixed

and yes I did actually read the books XD

Feb 6th, 2006, 1:37 AM	#1
KyrinComaBlack Programmer Join Date: Dec 2005 Location: Toronto, Ontario, Canada Posts: 48 Rep Power: 0	Banning Problem I am having trouble with the banning of a member. Everything works correctly except for the ban reason. I have set up everything correctly and have the info in order as in phpmyadmin. And I get everything correctly done except for the ban reason doesn't seem to want to be inserted into the table. I have check with print_r($reason); and it is insert into it but when I take it off it doesn't get insert into it and this is getting annoying. [PHP] <?php ############################################ ############################################ ## user.php ## ## ## ## ############################################ ############################################ ############################################ ##Required Files ############################################ require("../backend/config.php"); require("../backend/constants.php"); require("../backend/session.php"); session_start(); ############################################ ##Header ############################################ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Admin Control Panel - Users</title> <style type="text/css"> body{ background-color:#000000; color:#FFFFFF; } </style> </head> <body> <?php ############################################ ##Ban User ############################################ $user = $_POST['username']; $reason = $_POST['reason']; $time = time(); if(isset($_POST['submit'])){ $q = "SELECT * FROM user WHERE username='$user'"; mysql_query($q); if(!$q){ die("<center><font color=\"#FF0000\">Error on selecting user</font></center>"); } if($user == $q){ //Checks to see if user name that is entered is blank die("<font color=\"#FF0000\">Username is blank!</font><br>\n"); }elseif(preg_match('/^[A-z0-9]{1,30}$/', $user) == $user){ //Checks to see if the user input invalid characters into the text box die("<font color=\"#FF0000\">Username must only contain letters and numbers!</font><br>\n"); } /* if($bandays == ''){ print("<font color=\"#FF0000\">The number of ban days is empty</font><br>\n"); }elseif(preg_match('^/[0-9]{1,3}$/', $user) == $user){ print("<font color=\"#FF0000\">The number of ban days must only contain numbers!</font><br>\n"); }*/ if($reason == ''){ die("<font color=\"#FF0000\">A reason is need to tell the user why he is banned</font><br>\n"); }elseif(strlen($user) > 255){ die("<font color=\"#FF0000\">Your reason is more than the 500 character limit please reduce the reason!</font><br>\n"); }elseif(preg_match('/^[A-Za-z0-9]{1,500}$/', $reason) == $reason){ die("<font color=\"#FF0000\">The reason must only contain letters and numbers!</font><br>\n"); } $q1 = "UPDATE user SET memlev='-1' WHERE username='$user' LIMIT 1"; mysql_query($q1); if(!q1){ die(mysql_error()); } $q2 = "INSERT INTO user(username, ban_reason, timestamp) VALUES('$user', '$reason', '$time')"; mysql_query($q2); if(!q2){ die(mysql_error()); } } if($_REQUEST['do'] == 'ban'){ ?> <form name="banning" action="<?php echo "{$_SESSION['PHP_SELF']}"; ?>" method="post"> <table width="699" align="center" border="0" cellspacing="0" cellpadding="0"> <tr align="center"> <td align="center" colspan="2" bgcolor="#3300FF"><b><font color="#FFFFFF">Ban User</font></b></td> </tr> <tr align="left"> <td width="341" height="29" align="left" valign="top" bgcolor="#3399FF"><font color="#FFFFFF">Username</font></td> <td width="348" align="left" valign="top" bgcolor="#3399FF"><input type="text" name="username" maxlength="32" size="25" /></td> </tr> <!-- <tr align="left"> <td width="341" height="29" align="left" valign="top" bgcolor="#3300FF"><font color="#FFFFFF">Number Of Ban Days</font></td> <td width="348" align="left" valign="top" bgcolor="#3300FF"><input type="text" name="banDays" maxlength="3" size="10" /></td> </tr> <tr align="left"> <td width="341" height="29" align="left" valign="top" bgcolor="#3399FF"><font color="#FFFFFF">Move To User Group</font></td> <td width="348" align="left" valign="top" bgcolor="#3399FF"><select name="usergroup"></select></td> </tr>--> <tr align="left"> <td width="341" height="29" align="left" valign="top" bgcolor="#3300FF"><font color="#FFFFFF">Reason To Ban</font></td> <td width="348" align="left" valign="top" bgcolor="#3300FF"><input type="text" name="reason" maxlength="500" size="50" /></td> </tr> <tr align="center"> <td align="center" colspan="2" valign="top" bgcolor="#3399FF"><input type="submit" name="submit" value="Submit" /><input type="reset" value="Reset" /></td> </tr> </table> </form> <?php } ########################################### ##Footer ########################################### ?> </body> </html> [/PHP] I know I have a weird way of coding so i know about the strange things in it :banana:

Feb 6th, 2006, 6:08 AM	#2
rsnd Hobbyist Programmer Join Date: Jun 2005 Location: Helltown Posts: 162 Rep Power: 4	I think I see the problem. After the line " mysql_query($q); "...$q is still a string pointing to "SELECT * FROM user WHERE username='$user'"...how can it possibly check "to see if user name that is entered is blank" as you are comparing your sql query to username...and not its results. Way before that !q is always true as it points to somewhere. You should be doing it to the resouce it returns and not the query itself. I dont think you understand how mysql extension works with php. I'd recommand you downloading the php mannual and read the relevent mysql section. Or you can see it online on http://www.php.net/ You might also want to look at examples in relevent sections. May help you understand faster. __________________ Spread your wings and fly! Chicken!

Feb 6th, 2006, 7:02 PM	#4
KyrinComaBlack Programmer Join Date: Dec 2005 Location: Toronto, Ontario, Canada Posts: 48 Rep Power: 0	nevermind i got it working im such a klutz. Heres what I did wrong. I was insert info into it like it was just insert instead of updating the username thingymabob. so heres what I fixed [php] $q3 = "UPDATE user SET ban_reason='$reason', timestamp='$time' WHERE username='$user'"; $result = mysql_query($q3) or die(mysql_error()); [/php] instead of [php] $q3 = "INSERT INTO user('ban_reason, 'time') VALUES('$reason', '$time')"; $result = mysql_query($q3) or die(mysql_error()); [/php] Last edited by KyrinComaBlack; Feb 6th, 2006 at 7:23 PM.

Feb 6th, 2006, 7:09 PM	#5
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	(Toggle Plain Text) $user_lookup = "SELECT * FROM user WHERE username='$user'"; $result = mysql_query($user_lookup) or die("Couldn't lookup username!"); $user_lookup = "SELECT * FROM user WHERE username='$user'"; $result = mysql_query($user_lookup) or die("Couldn't lookup username!"); Here you are making the query. The results of the query are in $result. Where, pray tell, are you LOOKING at the result to SEE if it worked. The next operation I see on $result is to destroy it with another query. You seem to be missing a very basic concept. Have you actually read the books? __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Feb 6th, 2006, 8:08 AM	#3
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	As rsnd says, your code is just all garffled up. Put this in your bookmarks or on your button bar, wherever you can get to it with just a click. Refer to it when you write the code. You might also get a good book. One is PHP and MySQL by Williams and Lane. (Toggle Plain Text) resource mysql_query ( string query [, resource link_identifier] ) mysql_query() sends a query (to the currently active database on the server that's associated with the specified link_identifier). Parameters query: A SQL query The query string should not end with a semicolon. link_identifier: The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated. Return Values: For SELECT, SHOW, DESCRIBE or EXPLAIN statements, mysql_query() returns a resource on success, or FALSE on error. For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error. resource mysql_query ( string query [, resource link_identifier] ) mysql_query() sends a query (to the currently active database on the server that's associated with the specified link_identifier). Parameters query: A SQL query The query string should not end with a semicolon. link_identifier: The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated. Return Values: For SELECT, SHOW, DESCRIBE or EXPLAIN statements, mysql_query() returns a resource on success, or FALSE on error. For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Feb 6th, 2006, 7:24 PM	#6
KyrinComaBlack Programmer Join Date: Dec 2005 Location: Toronto, Ontario, Canada Posts: 48 Rep Power: 0	i got it fixed and yes I did actually read the books XD

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Web Development and Design > PHP

Banning Problem