My code always return "true" whatever the string is I tried a bunch of thing but they are only return false... I have no idea what I can do to fix this... my code:
public function isBlacklisted($string)
{
$apis = mysql_connect("mysql.hostinger.fr", "mysql user", "testpass") or die(mysql_error());
mysql_select_db("u770656121_api", $apis);
$sql = "SELECT * FROM blacklist";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
$username = $row['username'];
if (strpos($string,$username) !== 0) {
return true;
break;
} else {
return false;
break;
}
}
}
strpos returns false is it is not found, and 0 if it is in the first position of the string. It sounds like you want to do:
if (strpos($string,$username) !== false) {
Also, you are looping over the DB results, you should only return if it is found:
while($row = mysql_fetch_array($result)) {
$username = $row['username'];
if (strpos($string,$username) !== false) {
return true;
}
}
return false;
Or, even better:
$sql = "SELECT * FROM blacklist WHERE 'username' LIKE '%$username%'";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
if ($row['username']) return true;
}
making sure to escape $username and ideally switching to mysqli or pdo instead of using deprecated mysql statements.