<title>mylogin</title>
<body>
<form action="sql.php" method="POST">
User ID: <input type="text" id="userid" name="userid"/><br/>
Password: <input type="text" id="password" name="password"/><br/>
<input type="submit" value="send">
</form>
</body>
and my code sql.php is
<?php
include('..\db.php');
$con = mysqli_connect($dbsrvname, $dbusername, $dbpassword, $dbname);
if (!$con){
echo("Connection ERROR");
die(print_r(mysqli_error($con)));
}
if (!preg_match("/^[0-9]+$/m", $_POST["userid"])){
die("ONLY numbers allowed");
}
$query = "SELECT * FROM tbl1 WHERE id=" .
$_POST["userid"] . " AND password='" .
mysqli_real_escape_string($con, $_POST["password"]) . "';";
$stms = mysqli_query($con, $query);
if ($stms === false){
echo("ERROR during query execution: ");
die(print_r(mysqli_error($con)));
}
$row = mysqli_fetch_array($stms, MYSQLI_ASSOC);
if ($row){
die("Logged in");
}
else{
die("Wrong username or password");}
?>
when in this code
if (!preg_match("/^[0-9]+/", $_POST["userid"])){
die("ONLY numbers allowed");
}
in this code when I input the first number and after this any char like 9a the statement (if) is false and continues without printing "only allowed numbers"
but in this statement
if (!preg_match("/^[0-9]+$/m", $_POST["userid"])){
die("ONLY numbers allowed");
}
when I input 9a or any first number with char like 9a the statement is true and prints "only allowed numbers"
What is the input value I should enter to make the statement (false) and not go inside the if statement which is printing the allowed numbers?
