Jump to content

Mysql Search Problem

Mod-Jay

By Mod-Jay
in PHP Coding Help

 Share

Recommended Posts

Mod-Jay Member

Mod-Jay

Posted
Posted

Hello , i need some help on this line.

 

Line:

                $compose_a = mysql_query("SELECT * FROM users WHERE username LIKE '%". realEscape($sendto) ."%' LIMIT 1") or die(mysql_error());

 

From the code :

 

     <?php
    if(isset($_GET['usercp']) && $_GET['send'] == 'true') {
      if($_POST['sendtitle'] == "") {
        echo "You need to have a message title.";
      } else {
        if($_POST['sendto'] == "")
        {
          echo "You must enter the username of the user you wish to send a message to.";
        } else {
          if($_POST['sendtext'] == "")
          {
            echo "You have not entered anything to send";
          } else {
                $sendto = str_replace('_', ' ' , $_POST['sendto']);
                $compose_a = mysql_query("SELECT * FROM users WHERE username LIKE '%". realEscape($sendto) ."%' LIMIT 1") or die(mysql_error());
                  if(mysql_num_rows($compose_a) >= 1) {
                    While($compose_b = mysql_fetch_array($compose_a)) {
                  $sendto = $compose_b['id'];
                        }
                        mysql_query("INSERT INTO `notifications` (ipaddress, senderid, recieverid, sent, title, text) VALUES ('". $_SERVER['REMOTE_ADDR'] ."', '". $_SESSION['id'] ."', '" . $sendto . "', NOW(), '". htmlspecialchars($_POST['sendtitle']) ."', '". htmlspecialchars($_POST['sendtext']) ."')") or die(mysql_error());
                            echo "Message has been sent.";
                            } else {
                    echo "The username you entered does not Exist";
                      }
                    }
        }
      }
    }
    ?>

 

The $sendto is a username. i want to make it so if a user puts a Uppercase letter or a lowercase letter or a space where a '_' should be. it still matchs whats in the database. if you find a better way of doing this please post it

Link to comment
Share on other sites
PaulRyan Member

PaulRyan

Posted
Posted

When searching for the Username, can the username have both spaces and underscores?

 

Maybes search for the exact term first, if you cannot find it then display some possible usernames that they could have meant.

 

Try using the following, which includes some variants and some better error handling :)

 

<?php

  if(isSet($_GET['usercp']) && isSet($_GET['send']) && $_GET['send'] == 'true') {
    if(!$_POST['sendtitle']) {
      echo "You need to have a message title.";
    } else if(!$_POST['sendto']) {
      echo 'You must enter the username of the user you wish to send a message to.';
    } else if(!$_POST['sendtext']) {
      echo 'You have not entered anything to send.';
    } else {
      $username  = mysql_real_escape_string($_POST['sendto']);
      $sendText  = htmlspecialchars($_POST['sendtext']);
      $sendTitle = htmlspecialchars($_POST['sendtitle']);

      $userExists = mysql_query("SELECT username FROM users WHERE username='$username' LIMIT 1");
      if(mysql_num_rows($userExists)) {
        $getUser = mysql_fetch_assoc($userExists);
        $sendToID = $getUser['id'];

        $addNotification = mysql_query("INSERT INTO `notifications` (`ipaddress`,`senderid`,`recieverid`,`sent`,`title`,`text`) VALUES ('{$_SERVER['REMOTE_ADDR']}', '{$_SESSION['id']}', '$sendto', NOW(), '$sendTitle', '$sendText')") or die(mysql_error());
        if($addNotification) {
          echo 'Message has been sent.';
        } else {
          echo 'We were unable to send your message.';
        }
      } else {

        $possUsers = mysql_query("SELECT username FROM users WHERE username LIKE '%$username%' LIMIT 10");
        if(mysql_num_rows($possUsers)) {
          $message = 'We couldn't find the user you entered, maybes you meant:'."\n";
          while($user = mysql_fetch_assoc($possUsers)) {
            $message .= $user['username']."\n";
          }
        } else {
          $message = 'We could not find that user, or anyone you might have meant.';
        }

        echo $message;

      }
    }
  }
?>

 

Regards, PaulRyan.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.