[xaaroncx]

Hey, On My Text Based Game, Bank has a very serious exploit where you can send your self money, but replacing a vowel in your name with á Like ááron
Can anyone explain how to fix this.
Thanks.

[Keith]

Could you post the source code? It'd make it much easier to help you.

[xaaroncx]

PHP Code:

if (trim(strtolower($to_person)) == trim(strtolower($username))){





    echo "You cannot send the money to yourself"; 



    }elseif (strtolower($to_person) != strtolower($username)){ 

[UnrealEd]

are you saying that "à" is the same as "a"?
when comparing "à" to "a" this will certainly return false:

PHP Code:

if("à" != "a"){

  echo "no match to be found, so i was right";

}else{

  echo "i was wrong";

} 

when testing (click here), it seems i'm right

Greetz,
UnrealEd

[mab]

I think what he is getting at is that the logic in his comparison is saying that these are not equal, then it executes the following code to send the money, but that code (probably mysql, due to character set/language/colation...) is matching this to the "a" version of the name and giving the money back to the same person.

Could you post the following code that process this when it thinks the names are different.

[ngcomputing]

Check the documentation here as well, there are some examples dealing with character conversions from other character sets.

http://us3.php.net/manual/en/function.recode-string.php


Try strcmp() or $mystr===$thisstr (yes three === signs) which does a binary comparison. Check the php docs for more info on the strcmp() string function.