1

I have this code for a system:

//get new data from text fields
$i = 0;
$data = array();
while ($i < 7){
    $data[$i] = $_POST['t'.$i];
    $i++;
}

//get the ID to use in the MySQL database query
$id=$data[0];

//get the existing integer from MySQL database
$query="SELECT * FROM tbl WHERE ID='$id';";
$result=mysql_query($query) or die(mysql_error());
$mem=mysql_result($result, 0, 'Member');

//print to see if it's equal
echo 'Does '.$mem.'='.$data[1].'?<br>';

//check equality
if ($mem != $data[1]){
    echo "I'm not supposed to exist";
}

The $data[0] is the unique id for that database table and $data[1] is what we're trying to get.

The code prints $mem as 999999. Same with $data[0], 999999. But for some reason, when I pass them through the if statement, They are not equal.

Red Maverick
  • 11
  • 2
  • 2
    [`MySQL`](http://php.net/manual/en/book.mysql.php) (_mysql_*_ functions) extension is [***deprecated***](http://php.net/manual/en/function.mysql-connect.php). I suggest to use [`MySQLi`](http://php.net/manual/en/book.mysqli.php) (_mysqli_*_ functions) or [`PDO`](http://php.net/manual/en/book.pdo.php) instead. – BlitZ Apr 30 '13 at 07:29
  • 2
    Your if statement compares $data[1], not $data[0]. And escape your single-quotes inside echo. Or use: `echo "I'm not supposed to exist";` – Osiris Apr 30 '13 at 07:30
  • This code should get a syntax error because of the unescaped quote, so it shouldn't even execute. – Barmar Apr 30 '13 at 07:35
  • @Barmar But it "prints" somehow... Probably reproduction of issue. – BlitZ Apr 30 '13 at 07:39
  • In your code you say `$data[1]`, but in your question you say `$data[0]`. Which is it? Please show your _real_ code, because you're probably missing something when you try to reproduce it here. – Barmar Apr 30 '13 at 07:41
  • Hey, sorry, had a little made a little error with the quotes. I also cleared up what the values in data are – Red Maverick Apr 30 '13 at 07:41
  • 1
    Show `var_dump($mem, $data[1])`. – Barmar Apr 30 '13 at 07:44
  • $data[1] is what I'm looking for. The reason why I used $data[0] is because it's the address of an object. Basically the object is supposed to belong to a person's id, and that's $data[1] – Red Maverick Apr 30 '13 at 07:45
  • Might be encoding, if there are `characters` instead of `digits`. Are mysql client and php encodings are compatible? – BlitZ Apr 30 '13 at 07:46
  • look at my answer below and cast it to numbers. That is why I don't like php. If you compare numbers be sure they are compared as numbers in this particular case as integers. – Robert Apr 30 '13 at 07:47
  • string(6) "999999" string(6) "999999" – the output of var_dump($mem, $data[1]); – Red Maverick Apr 30 '13 at 07:48
  • @Robert Podwika there is no difference. OP comparing strings, (`$_GET` - strings, `mysql_result` - strings). – BlitZ Apr 30 '13 at 07:49
  • 1
    they may be difference in encoding. String may be encoded in various types, why don't you check my solution? If you don't want to cast them use binary safe comparing function strcmp(); – Robert Apr 30 '13 at 07:50
  • @RobertPodwika, I casted it to int, but it still compared as unequal – Red Maverick Apr 30 '13 at 08:27

1 Answers1

2

Cast them to int

if ((int)$mem != (int)$data[1]){
    echo "I'm not supposed to exist";
}

you write data[0] is equal to $mem and you compare $data[1]

Robert
  • 19,800
  • 5
  • 55
  • 85