I have problem with my preg_match function it seems it always returns true no matter what’s in the input form? it suppose to just return true when the value has junkies in it.
this is part of the code, the echo in thisCheckerNum always display 1, even when $_POST[‘number2’] has nothing in it… , and because of that it will always go to “die(“Error: passwordOld contains invalid characters!”);”, I need to know why..
[code=php]function thisCheckerNum($str)
{
$var = preg_match(‘/^[a-zA-Z0-9]*$/’, $str);
echo $var;
return $var;
}
if (isset($_POST[‘number1’]) && isset($_POST[‘number2’])) {
$passwordOld = $_POST[‘number2’];
$passwordOld2 = $_POST[‘number3’];
$passwordNew = $_POST[‘number4’];
$passwordNew2 = $_POST[‘number5’];
$sql = “SELECT * FROM users WHERE email=’$email’ AND password=’$passwordOld'”;
$query = mysql_query($sql);
/* filter vals*/
$passwordOld = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
$passwordOld2 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld2)));
$passwordNew = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew)));
$passwordNew2 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew2)));
/*
This counts how many records match our query
*/
echo $email.”<br >”.$passwordOld.”<br >”.$passwordOld2.”<br >”.$passwordNew.”<br >”.$passwordNew2.”<br >”;
//Die if account contains non-alphanumeric characters
if(thisCheckerNum($passwordOld) == 1)
{
die(“Error: passwordOld contains invalid characters!”);
}