PHP - How Do I Receive Php Form Post Data (and Redirected User) From Another Website?

Hello,

i want to send and receive data from https url.

how it can be done in php?

Thanks

I needed a server side PHP validation script for my form to use on top of client side Javascript as a backup. I found a nice package where I just include the validator and set a few options then it does the rest. However it doesn't seem to work with the action="whateveraction.php" for the form. It will skip all the validation and immediately go to the action script. So I left that blank as you can see in the form below and figured I would send the post data somehow to the script using PHP when the validation is successful. However I am stumped on how to do that can I get some coding help?

This is the small validation script. I will attach the formvalidator.php in this post.
Code: [Select]
<?php
require_once "formvalidator.php";
if(isset($_POST['submit']))
{
    $validator = new FormValidator();
    $validator->addValidation("age","req","Please fill in your Age");
    $validator->addValidation("mcid","req","Please fill in your Minecraft Username");
    $validator->addValidation("description","req","Please fill in a Description");
    if($validator->ValidateForm())
    {

      //need something here to have it send the post data to /mcbuildapp/form_submit.php

    }
    else
    {
        echo "<div class=blockrow><b><font size=5>Form Errors:</font><b></div>";

        $error_hash = $validator->GetErrors();
        foreach($error_hash as $inpname => $inp_err)
        {
          echo "<div class=blockrow><p><font color=red>$inp_err</font></p>\n</div>";
        }
    }
}

Then the form if it matters....
Code: [Select]
<div class="blockrow">
<font size=4><b>Minecraft Building Rights Application</b></font>
<br />
<br />
<b>Failing to fill in any of these fields sufficiently will result in an automatic denial of your application!</b><br />
<b>Think of it this way, being lazy and applying wrong is only wasting your time. Take the time to do it correctly the first time.</b>
 
<br />
<br />

<b><font color=red>To ensure proper user authentication and security you must first join the server at least once before applying for your building rights to work!</font></b>
<br />
<br />
<form action="" id="mcbuilderapp" name="mcbuilderapp" method="post">

<label><b>Your Minecraft Username (required)</b><br />
Use exact capitalization and punctuation that matches your Minecraft.net account!</label>
 
<br />
<br />
 
<input type="text" name="mcid" id="mcid" maxlength="25"/>
 
<br />
<br />
 
<label><b>Your Age (required)</b></label>
 
<br />
<br />
                 
<input type="text" name="age" id="age" maxlength="3"/>
   
<br />
<br />
 
<label><b>Describe Yourself (required)</b><br />
Describe yourself in <b>no less</b> than 3 sentences using <b>correct grammar</b>.</label>
 
<br />
<br />
 
<textarea name="description" id="description" minlength="10" maxlength="1000" cols=60 rows=5 wrap="physical">
</textarea>
 
<br />
<br />
 
<input type="submit" name="submit" value="Submit" />
</form>
</div>
MOD EDIT: PHP manual tags changed to code tags . . .

[attachment deleted by admin]

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...


Basically, when this posts, I want to do a foreach on $_POST and see something like:
password = 1f3870be274f6c49b3e31a0c6728957f
  and not
password = stringTheUserTyped

I hope what I'm asking for is clear.
(PHP 5.2.14)

Thanks!

I have a form with lots of fields.

How would I run a loop to get each field name and data into an array, so i can then send it off to a function to process each field name / data differently. Instead of typing all the variables in the main function name for each post.

Would a foreach statement work?

Ok from one brick wall to the next. After lots of help with my last query I moved onto the next task an I'm completely stuck again.

I have a form thats created with a loop.  Here is that form


 <form action="" method="post" id="">
        <?php 
 for ($i = 1; $i <= $totalRows_rs_cacheNum; $i++) {
    echo "<label>Cache ".$i."</label>
          <span id='sprytextfield".$i."'>
         <input name='cache[$i]' type='text' value='".$_POST['cache[$i]']."'/>
         <span class='textfieldRequiredMsg'>Required!</span></span>
         <div class='clear'></div>";
}
?>
 <input name="nextbtn" type="submit" value="Next" />


When a user enters data in all the fields, If one piece of information is incorrect an error pops up saying one of the fields you entered does not match the fields in the database. At the same time however i wish to keep the data they have entered in each of the fields.

Normally you'd just write

value="<?php echo $_POST['fieldName'];?>"

but for some reason in this case it does not work. can someone point me in the right direction.  I've tried Google many different terms but I can not find the correct term to find my answer.  Hence me asking you guys again.

Thanks

ok..ive done this a million times..i have a working example here and i copied it and amended it for this new project but for some reason i cant get a form to post data to another page.

this is the error message i get

Notice: Undefined index: username in C:\wamp\www\uni\fyp\site\mobile\login.php on line 16

Notice: Undefined index: password in C:\wamp\www\uni\fyp\site\mobile\login.php on line 17

here is my form code:

                    <form method="post" action="login.php">
                        <table align="center" cellpadding="0" cellspacing="0">
                        <tr>
                            <td style="vertical-align:top;">Username:&nbsp; </td><td><input type="text" name="username" value="" /></td>
                        </tr>
                        <tr>
                            <td style="vertical-align:top;">Password:&nbsp; </td><td><input type="password" name="password" value="" /><br /><input type="submit" id="submit" value="Login" /></td>
                        </tr>
                        </table>
                    </form>


and here is the code within the login.php where the form should post to

$username = $_POST['username'];

$password = $_POST['password'];

// Help protect against MySQL injection

$username = stripslashes($username);

$password = stripslashes($password);

$username = mysql_real_escape_string($username);

$password = mysql_real_escape_string($password);

// Selecting data from database where correct username and password are found

$sql="SELECT * FROM customer WHERE username='$username' and password='$password'";

$result=mysql_query($sql) or die(mysql_error());



i cant see anything wrong..been looking for hours...please please help me

The PHP code sends me an email from the server, but the user input is empty or "blank". I only receive: "From: \ Email: \ Subject: \ Message: " and that's it.

How do I fix my PHP and/or HTML code to receive user input from the form? Attached is my existing HTML and PHP code that doesn't send me any "user input" from the form.

Thanks to anyone who can help!!

I'm building a php program that registers users onto a website. With the help of people from this thread http://www.phpfreaks.com/forums/index.php?topic=332260.15
I was able to accomplish the goal and now the signup works with conditions that check for a valid email, and if the password is strong enough.

T he program correctly displays the the problem when a user does NOT enter a valid email, or a strong enough password, but the user has to re-enter the email and password everytime.

I want to make it so that the fields remained populated with what the user entered previously, so he or she does not have to re-enter his or her email/password.

Here is the code (its really ghetto)

Code: [Select]
<?php

function check_email_address($email) {
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
         if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }    
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
                return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

define('DB_NAME', 'catch');
define('DB_USER', 'username');
define('DB_PASS', 'password');
define('DB_HOST', 'page.sqlserver.com');

// contact to database
$connect = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die('Error , check your server connection.');
mysql_select_db(DB_NAME);
  
//Get data in local variable
$v_name=$_POST['name'];
$v_email=$_POST['email'];
$v_msg=$_POST['msg'];


 if ( check_email_address($_POST['name'])  == false) 
 
 
 {
   $query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
You must enter a valid email. <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if( $v_name == "" || $v_msg == "" )
// if name is empty or if pass is empty
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}

echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
You must enter an email and password. <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if( strcspn( $_REQUEST['msg'], '0123456789' ) == strlen( $_REQUEST['msg'] ) )
// the above statement says if pass does not contain a number
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must contain a number.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}


if( strlen($_POST['msg']) < 8 )
// the above statement says if pass is not 8 characters long
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must be at least 8 characters long.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}


if ( $_POST['msg'] == strtolower($_POST['msg']) )
// the above statement says if pass is all lowercase
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must have at least one capital letter.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}

if ( preg_replace("/[^a-zA-Z0-9\s]/", "", $_POST['msg']) == $_POST['msg'] )
// the above statement says if pass contains no special characters
{
$query = "INSERT INTO contact(name,email,msg) VALUES ('$v_name','$v_email','$v_msg')";
$result = mysql_query( $query );

if( !$result ) {
die( mysql_error() );
}
echo <<<EOD
<head>      
<link rel="stylesheet" type="text/css" href="http://hedgezoo.com/signup.css">
</head>
<h2>Free Registration</h2>
<form action="contact_insert2.php" method="POST" id="insert">
<table>
<tr>
<td>Email</td>
<td ><input type="text" size="40" name="name"></td>
</tr>
    <tr>
<td>Password</td>
<td><input type="password" size="40"  name="msg" ></td>
</tr>
<tr>
<td colspan=2 id="sub">
<div style="color:red;">Your password must have at least one special character.</div> <br />
<input type="submit" name="submit" value="submit">
</td>
</tr>
</Table>
</form>
EOD;
}
else 
echo <<<EOD
<B>GO FUCK YOURSELF</B>
EOD;
 ?>

$post='{"cart_items":[{"configuration":{"price":100,"recharge_number":"9999999999"},"product_id":"999","qty":1}]}';

i try this n reslut was :There are no valid items in cart:   help me plz
Edited by ShivaGupta, 30 November 2014 - 01:11 AM.

I have two tables.

Table Name:Users

Fields:

User_name
user_email
user_level
pwd


2.Reference

Fields:

refid
username
origin
destination

user_name in the users table and the username field in reference fields are common fields.



There is user order form.whenever an user places an order, refid field in reference table will be updated.So the user will be
provided with an refid

Steps:

1.User needs to log in with a valid user id and pwd
2.Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement.
3.Now User is able to view all the details for any refid
3.Up to this we have completed.

Query:

Now we need to retrieve the details based on the user logged in.

For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement
user 'USER B' has been provided with the referenceid '2468' during the time of order placement

When the userA login and enter the refid as '2468' he should not get any details.He should get details only for the reference ids which is assigned to him.



<?php


session_start();

if (!$_SESSION["user_name"])


      

{
        // User not logged in, redirect to login page
        Header("Location: login.php");
     }
$con = mysql_connect('localhost','root','');
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("login", $con);
$user_name = $_POST['user_name'];
$refid = $_POST['refid'];
$query = "SELECT * from reference,users WHERE reference.username=users.user_name AND reference.refid='$refid' AND ";

$result = mysql_query($query) or trigger_error('MySQL encountered a problem<br />Error: '  . mysql_error() . '<br />Query: ' . $query);

 while($row = mysql_fetch_array($result))
  {
  echo $row['refid'];
  echo $row['origin'];
  echo $row['dest'];
  echo $row['date'];
  echo $row['exdate'];
  echo $row['username'];
  }
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>

 <html>
<form method="post" action="final.php">
Ref Id:<input type="text" name="refid">
<input type="submit" value="submit" name="submit">
</html> 

Hey Guys. I am working with a form that shows the grand total on the checkout page. The value of the grand total is inside a hidden field. When click on  submit, the _POST array doesn't get back the last value of the grand total. I need to hit the button twice to get the last value. The weird thing is when I  echo the value of the grand total it display the latest value, but not with the POST array   For example. If the grand total is $10.00 and I click on submit. It will show the POST['grand_total'] as empty. If I click on submit again it will show the grand total of $10.00. Below is my code that I am working with. Any help would be really appreciated.

if(isset($_POST['submit'])) {
/* Doesn't show if i put it after if($_POST['submit'] */
if(isset($_POST['grand_total'])) {
echo $_POST['grand_total'];
}

}

//A bunch of other html/php code. Another class calculates the subtotal assigns it the variable $subtotal



$cart_totals = new cartTotals($subtotal, $discounted_amount,$post_values->tip); // Cart class is shown below

/* Doesn't show if i put it before if($_POST['submit'] */
if(isset($_POST['grand_total'])) {
echo $_POST['grand_total'];
}
echo  "<input name='grand_total' type='hidden' value='$cart_totals->grand_total'  />"; // Shows the grand total after second from submission
echo "$cart_totals->grand_total"; // Shows grand total after the first submission

Cart Totals Class

class cartTotals  {

	public $subtotal;
	public $sales_tax;
        public $tip;
	public $grand_total;
        public $discount_amount;
	public $href_page;
	public $invalidCouponMessage;
	const  TEST_ENVIORMENT = FALSE;


	/**
	 * [ Function gets constructed in the order summary where the [$discount_amount= ""]  arg does need to be passed.
     * But does get passed in when called on the checkout.php page. Therefore we set the default value to an empty string.]
	 * @param [float] $subtotal   [subtotal get passed in from the parent class coreCartFunction]
	 * @param string $discount_amount [The class checkCouponCode calculates this discount amount based on the
     * subtotal and the discount amount. It gets instantiated on the clients side and passed is this construction function.
     * This is all done on the checkout page.]
	 */

    /*The way the construct function works is by invoking all the methods the passed arguments
    When the methods get invoked the do all the work and set the properties its values. The properties then get echoed out
    on the client side.  */
	
    function __construct($subtotal="", $discount_amount= "", $tip=""){
    
    $this->subTotal($subtotal, $discount_amount);//SubTotal method takes the discount amount and subtracts it from the subtotal.
    $this->salesTax($subtotal, $discount_amount);
    $this->tip = $tip;
    $this->grandTotal();
	}

    private function subTotal($subtotal,$discount_amount) {

            $rounded_subtotal = round($subtotal-$discount_amount,2);
            $money_format_subtotal =  money_format('%i',$rounded_subtotal);
            $this->subtotal = $money_format_subtotal;
    }


    private function salesTax($subtotal, $discount_amount =""){
	$sales_tax = (STORE_SALES_TAX)?(float)STORE_SALES_TAX:8.875;
	$sales_tax =(($this->subtotal)*$sales_tax)/100;
	$sales_tax = round($sales_tax,2);
	$this->sales_tax = $sales_tax;
	}


	public function Tip() {
    //global $post_values;
    //$last_tip_selected = $post_values->tip > 0 ? $post_values->tip : "" ;
	$tip_output = "<select id='tip' name='tip'>";
 	for($tip=0.00; $tip<=11.75; $tip+=0.25){
 	if( $tip == "2") {$selected = " selected";} else {$selected ="";}
       $formatted_tip =  money_format('%i',$tip);

	$tip_output .= "<option {$selected} id='selected_tip' value='$formatted_tip'>"."$".$formatted_tip ."</option>".PHP_EOL;
		}

		$tip_output .= "</select>";
		return $tip_output;

    }

    private function grandTotal(){
        $grand_total = round($this->sales_tax+$this->subtotal+$this->tip,2);
        $grand_total_formatted =  money_format('%i',$grand_total);
        $this->grand_total = $grand_total_formatted;

    }

I am having trouble on user post = rank

This is the rank table:
-----------------
post   | rank
-----------------
0        | Noob
10      | Member
50      | Metal
100    | Silver
200    | Gold


$user_post="120";

$query_rank=mysql_query("SELECT * FROM rank WHERE post<='$user_post' OR post>='$user_post'") or die ("Error");
while ($row=mysql_fetch_assoc($query_rank)){
   $rank=$row['rank'];
}

echo "User Rank: $rank";

The above code output:
User Rank: Gold

The right output should be:
User Rank: Silver


Please help
It will be better if someone willing to share a better ranking code.

Hey fellas, and ladies, and all you other php wize's.  Names mike and I'm new to php and mysql.  Ive done alot of self study but have no formal training at all.  I am pretty much just winging my code from w3 schools and other php online codeing helps.  I am currently making a registration script for my site, and have hit a bit of a snag.  Her is the current code for my regpass.php.

<?php
include('srvdbcon.php');

$NewUserNameTest=$_POST['NewUserName'];
if(!ereg('[^A-Za-z0-9]',$NewUserNameTest))
     {
     $query="SELECT * FROM user WHERE user ='$_POST(NewUserName)'";
     $result=mysql_query($query);
     $num=mysql_num_rows($result);
     if($num == 0)
          {
     $query2="SELECT * FROM user WHERE email ='$_POST(NewUserEmail)'";
          $result2=mysql_query($query2);
          $num2=mysql_num_rows($result2);
     if ($num2 == 0)
               {
          if(($_POST[NewUserPw]==$_POST[NewUserPwCon])&&($_POST[NewUserEmail]==$_POST[NewUserEmailCon]))
                    {
                    //Create a random code
                    $confirm_code=md5(uniqid(rand()));
                    //HACK PREVENTION
                    $name=strip_tags($_POST['NewUserName']);
                    $email=strip_tags($_POST['NewUserEmail']);
                    $pw=strip_tags($_POST['NewUserPw']);
                    //Insert Information Into Temp Code
                    $sql="INSERT INTO temp SET code='$confirm_code',user='$name', email='$email', password='$pw'";
                    $result=mysql_query($sql);
          if($result)
                         {
                      $message="SCG.O Confirmation \r\n";
                      $message="Enter this confirmation code into confirmation page.\r\n";
                      $message="Enter code into confirmation: $confirm_code";
                      $sentmail=mail("$email",'Registration Confirmation',"$message",'From: SCGAdmin@uprisetechnology.com');
                      header("Location:index.php");
                      }
                          else
                             {
                             die ("Something went wrong.");
                             }
          }
                    else
                    {
                    die("Password And / Or Email does not match the confirmation entry");
                    }
          }
               else
               {
               die("Email Already in Use");
               }
          }
          else
          {
          die("Username already in use");
          }
     }
     else
     {
     die("Username includes Bad Characters.");
     }
?>



----------------------------------------------------------------------------
The problem I am having is the code executes up to Confirming email and password with the confirming.  I have checked, and double checked, the names of the variables $NewUserEmail $NewUserEmailCon $NewUserPw $NewUserPwCon      When I click the register button it runs the regpass.php but I am getting the Die results for Error with matching confirmations.

Any help would be appreciated.  I know it is not the neatest codeing, nor is it probably logical to more vast programmers, but I am learning, and programming accourding to my own logic so I can understand it.  Thanks.  The code does not post anything to the mysql db but everything else is set up properly.  The DB works, I have created this kind of script before with help from others, but this one is using my logic so I can understand the code.
Thanks again.
NeverBeGosu

I'm trying to make a League of Legends (a video game) community website, both as a personal project and for practice.
Now the game has a lot of champions, each of whom have 5 unique abilities. Now, I thought about manually inputting all the details about each champion into a MySQL database, but that would long and tedious, and I don't really have the time for it now. Also, the game patches very oftern (like, once every 2 weeks) which changes many of the stats, etc. of the champion, and it is not possible for me to keep manually updating these every time there is a patch.

Fortunately, there is a League of Legends Wiki which has all the data I need in their specific champion pages, which they keep updated per patch. So I was wondering if there was any way to get the data from the divs in the wiki, and have it display on my site. What I want to do in my website is that whenever someone types a champion's name (in a post or whatever), I want it to display a hover-over dialog with some of the champions details. And a lot of other features such as that.

In plain English I need a way to :
> Tell PHP to go to the wiki's source code on a specific page
> Find a specific div container
> Get X data from there
> Pass X data into a function to display the hover-over

I think this way, I would not have to maintain a database as I can leech off the wiki's data.
I have not coded anything like this before, so I would like a few pointers as to how to achieve this. Any help will be appreciated!

hello all -

I have a social network for the cystic fibrosis community and we've had a spammer the passed couple of days. I have captchas set up and they work well, but in addition to those I want to limit the amount of blogs a user is allowed to post a day.

I have been able to count and echo out the amount a user has made, but for some reason, when I use an if statement to stop the blog from posting it still post's. I have been working on this going on hour 8 now and need some major help

Thanks in advnace. Here is my code

Code: [Select]
if(isset($_POST['subComposeBlog'])) {

$query = "SELECT COUNT(`id`) FROM `cysticBlogs` WHERE `Author` = '".$auth."' && `date` = NOW() && `status` = 'active'";
$request = mysql_query($query,$connection) or die(mysql_error());
$result = mysql_fetch_array($request);

        $valid = true;



if($_POST['Category'] == "null") {
$valid = false;
$error_msgs[] = "Whoops! Please select a category for this blog.";
}

if(empty($_POST['blogTitle'])) {
$valid = false;
$error_msgs[] = "Whoops! Cannot submit a blog without a title,how are you going to attract people's attention to read your masterpiece?";

}

if(empty($_POST['blogBody'])) {
$valid = false;
$error_msgs[] = "Whoops! Cannot submit a blog without a body,that would not be a blog now would it?";

}

if($result['COUNT(`id`)'] > 3) {
$valid = false;
echo "Whoops! You can only write three blogs per day due to spam";
}

         if($valid) {

$query = "INSERT INTO `cysticBlogs` (
`blogTitle`,
`blogBody`,
`date`,
`time`,
`Author`,
`Category`
) VALUES (
'" . mysql_real_escape_string($_POST['blogTitle']) ."',
'" . mysql_real_escape_string($_POST['blogBody']) ."',
'" . date("Y-m-d") ."',
'" . date("G:i:s") ."',   
'" . $auth->id ."',
'" . mysql_real_escape_string($_POST['Category']) ."')";

mysql_query($query, $connection) or die (mysql_error());
header("Location: BlogsSecurity.php");

}
}