These conditions are not observed, it does not display a message, and if it does, it sculpts another message and, of course, puts spaces in the username in the database, the same condition and the second condition enters the base into the database, and if it displays the message, it sculpts other

if (preg_match("/\\s/", $username['username']) && $newusername['newusername'] == true) { echo 'логин не должен содержать пробелов'; } if (empty($username['username']) && $newusername['newusername']) { echo 'пустое поле'; }

Below is the full code

 <?php include 'core/init.php'; protect_page(); include 'includes/overall/header.php'; if (isset($_POST['username'], $_POST['newusername'])) { $username = mysql_real_escape_string($_POST['username']); $newusername = mysql_real_escape_string($_POST['newusername']); $sql = mysql_query("SELECT COUNT(username) FROM `users` WHERE `username` = '" . $_POST['newusername'] . "';"); $result = mysql_result($sql, 0); if ($result > 0) { echo "Ошибка, логин существует"; } else { echo (mysql_query("UPDATE `users` SET `username` = '$newusername' WHERE `username` = '$username'")) ? "Данные успешно обновлены!" : "Произошла ошибка при обновлении данных"; } if (preg_match("/\\s/", $username['username']) && $newusername['newusername'] == true) { echo 'логин не должен содержать пробелов'; } if (empty($username['username']) && $newusername['newusername']) { echo 'пустое поле'; } } ?> <h1>пользователи!</h1> <?php $ath = mysql_query("SELECT * FROM `users` WHERE `type`=0"); if ($ath) { // Определяем таблицу и заголовок echo "<table border=1>"; echo "<tr><td>user_id</td><td>логин</td><td>пароль</td><td>имя</td><td>email</td></tr>"; // Так как запрос возвращает несколько строк, применяем цикл while ($author = mysql_fetch_array($ath)) { echo "<tr><td>" . $author['user_id'] . " </td><td>" . $author['username'] . " </td><td>" . $author['password'] . " &nbsp </td><td>" . $author['first_name'] . " </td><td>" . $author['email'] . " &nbsp </td></tr>"; } echo "</table>"; } else { echo "<p><b>Error: " . mysql_error() . "</b><p>"; exit(); } ?> <form action="" method="post"> <ul> <li>логин*: <br> <input type="text" name="username"> </li> <li>изменить логин*: <br> <input type="text" name="newusername"> </li> <li> <input type="submit" value="сохранить изменения"> </li> </ul> </form> <?php include 'includes/overall/footer.php'; ?>
  • Why did you put all the code, how do I fall asleep now ... - LTKH
  • depricated This extension is deprecated since PHP 5.5.0 and will be removed in the future. Use MySQLi or PDO_MySQL instead. See also the MySQL instruction: API selection and the corresponding FAQ for more details. Alternatives to this function: mysqli_connect () PDO :: __ construct () - zb '24
  • And this is not the only problem here. Why are only some passwords in the database, in the OPEN form (I doubt that in a closed network) falling out on the display, the plague. - LTKH
  • you would have answered a hundred years later, but do not worry, ladies and gentlemen, now everything works at the highest level with the latest programming and works amazing on the server, so you can sleep peacefully XDDDD - LLIAKAJI

3 answers 3

Hello, I kind of found the error $newusername['newusername'] , but as I understood it was not an array, but the usual variable $newusername . And also $username['username'] , but $username needed. Eventually:

 if (preg_match("/\\s/", $username) && $newusername==true) echo 'логин не должен содержать пробелов'; if (empty($username) && $newusername) echo 'пустое поле';
  • absolutely nothing has changed - LLIAKAJI 8:49 pm
  • Then at the very beginning make exit ($ _ POST ['username']. '|||'. $ _POST ['newusername']); If it displays what you entered, then the transfer was successful, if not, then you may not have the <form> tag closed - this form is better, it happens that on the page 1-2 of the form immediately and one of them forget to close and the data is transmitted via another method. - Node_pro
  • exit ($ _ POST ['username']. '|||'. $ _POST ['newusername']); I wrote it at the very beginning to me only ||| green color - LLIAKAJI
  • Do you have more forms on the page? Well, let's try the experiment: exit($_GET['username'].'|||'. $_GET['newusername']); .The situation has not changed? - Node_pro
  • nothing has changed, and I laid out all the code on top - LLIAKAJI

the regular expression "/ \ s /" inside, it seems to me, there should be one slash

    Compliance with the pattern of the new user name, you need to check before any manipulations with the database, because the need for this is gone, and the database is better for health.

     /* Удалить пробелы (или другие символы) из начала и конца строки Могут появиться, если логин был вставлен со стороннего ресурса */ $newusername = trim($_POST['newusername']); /* Проверить соответствие шаблону: 1) только буквы латиницы; 2) логин может начинаться с заглавной; 3) длина не больше 16-ти символов, вместе с заглавной. */ if(!preg_match('/^[AZ]{0,1}[az]{0,15}$/', $newusername)){ echo 'Недопустимое имя пользователя'; exit; }
    • I believe in the word that it works =) - LLIAKAJI
    • It's sarcasm? :) - LTKH
    • one
      Exactly ... A blank line will slip through. Everything, it's time to finish programming ... not mine. - LTKH