Reputation: 869
I created a field ($login); the user should register with an email or phone number.
So I want to do a security check to validate
Can I use 2 functions at the same time? I tried the following code but it didn't work.
if(!is_numeric || isEmail($login)) {
$mesaj = '<div class="msg"><div class="error">Add Valid Email or Phone Number</div></div>';
}else{
$db->Query("UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'");
$mesaj = '<div class="msg"><div class="success">Success</div></div>';
}
Any Idea?
Upvotes: 0
Views: 134
Reputation: 3633
You have an error in your code: if(!is_numeric || isEmail($login))
You're not making a function call with is_numeric. You need to provide it a parameter: is_numeric($myVar)
You also have a SQL Injection problem in your code. Never concatenate strings to build a query. Use parameterized queries instead.
/***
* Data input from client browser / app
***/
$data['id'] = "0' OR id > 0 OR id = '1";
$login = "', `password`='hacked";
$sql = "UPDATE `users` SET `login`='".$login."' WHERE `id`='".$data['id']."'";
Output SQL:
"UPDATE `users` SET `login`='', `password`='hacked' WHERE `id`='0' OR id > 0 OR id = '1'"
Upvotes: 1
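The two fixes from the answer above combined, as an added example that is not part of the original question or answer: the corrected email-or-phone check and the same UPDATE written as a parameterized query. It assumes PDO with the pdo_sqlite extension and a constructed in-memory `users` table; `isValidLogin()` and `updateLogin()` are hypothetical helper names, and `isEmail()` is a stand-in built on `filter_var()` for the question's own function.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT)");
$pdo->exec("INSERT INTO users (id, login, password) VALUES (1, 'alice', 'hash-a'), (2, 'bob', 'hash-b')");

// Stand-in for the question's isEmail() (assumption: it returns true for a valid address).
function isEmail(string $s): bool
{
    return filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

// Accept the login when it is a phone number OR an email; each function gets its argument.
function isValidLogin(string $login): bool
{
    return is_numeric($login) || isEmail($login);
}

// Parameterized UPDATE: values travel separately from the SQL text.
function updateLogin(PDO $pdo, string $id, string $login): int
{
    $stmt = $pdo->prepare('UPDATE users SET login = :login WHERE id = :id');
    $stmt->execute([':login' => $login, ':id' => $id]);
    return $stmt->rowCount();
}

// Inputs from the answer above, plus two ordinary ones (all constructed sample data).
$cases = [
    ['1', 'alice@example.com'],
    ['2', '5551234567'],
    ["0' OR id > 0 OR id = '1", "', `password`='hacked"],
];
foreach ($cases as [$id, $login]) {
    if (!isValidLogin($login)) {
        echo "rejected: $login\n";
        continue;
    }
    echo updateLogin($pdo, $id, $login) . " row(s) updated for id $id\n";
}

// Even with validation skipped, the bound values are treated as data, not SQL.
echo updateLogin($pdo, "0' OR id > 0 OR id = '1", "', `password`='hacked") . " row(s) updated by the payload\n";
foreach ($pdo->query('SELECT id, login, password FROM users') as $row) {
    echo "{$row['id']} {$row['login']} {$row['password']}\n";
}
```

The final SELECT shows the stored passwords unchanged, because the bound `id` string is compared as a value and matches no row.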