wildcard not being acknowledged...

Permabanned
Joined
3 Jul 2008
Posts
3,772
Location
My fabulous ship
Hey guys, Im in a bit of a pickle here and was wondering if you could explain to me why the wildcard isnt working....

I have a form which posts information to this script (only basic info)

PHP:
$username = $_POST['username'];
$username = mysql_real_escape_string($username);


$query4 = ("select * from gbob_reservedwords where reserved like '%$username%'");
$result4 = mysql_query($query4) or die ("couldnt get reserved word!");
$numrows4 = mysql_num_rows($result4);
		
if ($numrows4 >> 0)
{
$errors = $errors + 1;
$user_nameerror = 1;
}
at the end of this, if there $errors variable is greater than 0 - revert back to the form and give out an error message :p

My problem is the query checks the database and if the reserved word exactly matched $"username" it outputs an error

but say for example the reserved word was fella and the user put in "fella1" then the results find nothing, basically - the wildcard is completely ignored. Initially I thought it was something to do with mysql_real_escape_string($username) but even without it - I still get the same problem :/

Anyone got any ideas?
 

Pho

Pho

Soldato
Joined
18 Oct 2002
Posts
9,271
Location
Derbyshire
First, use > 0 rather than >> 0.

Also, try doing an echo $query4 and seeing what it's executing.
 
Permabanned
Joined
3 Jul 2008
Posts
3,772
Location
My fabulous ship
ok I see the problem so there's half the task :p

simple: say for example the reserved word was "steven" if the user put in "steven1" the record wouldnt be found because its looking for "%steven1%" I need it to find "steven"

I guess one way would be to query the reserved words table and while its doing each, do an if statement to compare the input text with each reserved word :p thought there would have been a better way though...
 

Pho

Pho

Soldato
Joined
18 Oct 2002
Posts
9,271
Location
Derbyshire
Wildcard works by matching whatever the user has entered within a list of values - so technically entering steven1 shouldn't match against steven :p.

You're probably best off doing this:
In PHP, select all bad words from the database and do a foreach on them. Then check if the inputted string ($username) contains any of those words. If it does break the loop and return error. This fixes the steven1 -> steven scenario, because you're now checking whether steven1 contains steven, not steven contains steven1.
 
Top