OzWizard

Might still look at using javascript though thanks.

Yeah I looked at Javascript for some of it but thought would be better to stay php, also not always is it 6 numbers sometimes a combination of letters and numbers that why I thought the strlen in php but i have never used it before.

Use a Hardware keylogger, and update company policy stating that keyloggers may be used.

Hi Guys and Gals, I am currently working on adding some php pages to simpleassets opensource asset management, we want to use a usb barcode scanner to do most of the work. but as im not fluent on php below shows what i have created so far. What I really need to do is work out where i can add in a strlen section to make sure the barcode entered is at least 6 characters. <<update.php>> <? $db = mysql_connect("localhost","username","password"); mysql_select_db ("simpleassets"); $query="SELECT * FROM `Assets` WHERE AssetTag LIKE '$ass_tag'"; $result = mysql_query("SELECT * FROM Assets"); $num=mysql_numrows($result); mysql_close(); $date = date('Y-m-d'); echo $date; ?> <html> <head> <title>Stocktake</title> </head> <body OnLoad="document.requestform.ass_tag.focus();"> <form name="requestform" action="updated.php" method="post"> Barcode: <input type="text" name="ass_tag" value="<? echo "$atag";?>"><br> <input type="hidden" name="ud_date" value="<? echo "$date"?>"><br> <input type="Submit" value="Update"> <br><br><br><br><br> <a href="report.php">Stocktake Report</a> </form> </body> </html> from the above i get issued a simple page whereby it focuses on the first field and the barcode scanner can scan a code and it submits, dont worry about the report link as its another page ive made to that reports items that have been scanned or not. <<updater.php>> <?php $hostname="localhost"; $username="username"; $password="password"; $database="simpleassets"; mysql_connect($hostname, $username, $password) OR DIE("Unable to connect"); mysql_select_db("$database") or die("Unable to select database"); $result = mysql_query("set names 'utf8'"); $query="UPDATE Assets SET LastChecked='" . $_POST['ud_date'] . "' WHERE AssetTag LIKE '%" . $_POST['ass_tag'] . "%'"; $checkresult = mysql_query($query) or die (mysql_error()); if ($checkresult) echo '<p>It Worked'; else echo '<p>Ooops Uh Oh'; mysql_close(); ?> <html> <META HTTP-EQUIV=refresh CONTENT="1; URL=update.php"> </html> this page enters the variables into the database then redirects back to main page ready for next scan. Would be great to put in strlen as if submit button is pushed without a code it updates all assets with current date, the other thing is the asset code is prefixed with the letter A inside the database thats why i used the LIKE query. Any ideas to tidy it up or where to put the strlen would be greatly appreciated. PS I have added a column called LastChecked to the table called Assets thus to make it all work correctly, that it does but no verification has been added thats my limitation in php at the moment.