mark103 Posted March 8, 2012 Share Posted March 8, 2012 Ok guys, I am working on my code as I am checking the row in a database that if i have got a same row that I insert the functions in the URL then throw the error that says "you can't store". When I am checking as the rows have already exist, i keep getting "you can now store". Do you know how i can check in a database to see if the rows is exist? here's the code: <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'mydbuser'); define('DB_PASSWORD', 'mydbpass'); define('DB_DATABASE', 'mydbname'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $image = clean($_GET['image']); $strings = clean($_GET['strings']); $username = clean($_GET['user']); $password = clean($_GET['pass']); if (isset($_GET['user']) && (isset($_GET['pass']))) { if($username == '' || $password == '') { $errmsg_arr[] = 'username or password are missing'; $errflag = true; } } if (isset($_GET['image']) || (isset($_GET['strings'])) || (isset($_GET['user']))) { if($image == '' || $strings == '' || $username == '') { $errmsg_arr[] = 'image, strings or username are missing'; $errflag = true; } } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $insert = array(); if(isset($_GET['image'])) { $insert[] = 'image = \'' . clean($_GET['image']) . '\''; } if(isset($_GET['user'])) { $insert[] = 'user = \'' . clean($_GET['user']) .'\''; } if(isset($_GET['pass'])) { $insert[] = 'pass = \'' . clean($_GET['pass']) . '\''; if (count($insert)>0) { $names = implode(',',$insert); if($image && $strings && $from && $username) { $qry="SELECT * FROM members WHERE username='$username'"; $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error()); $row=mysql_fetch_assoc($result); if ($row >= 1) { echo 'you cant store.'; } else { echo 'you can now store'; } } elseif($username && $pass) { echo "working 2"; } } } ?> Quote Link to comment Share on other sites More sharing options...
cpd Posted March 8, 2012 Share Posted March 8, 2012 Where you say $row=mysql_fetch_assoc($result); You should use one of the following $row_count = mysql_affected_rows($result); // OR $row_count = mysql_num_rows($result); Furthermore, I suggest you use POST to pass sensitive data such as usernames and passwords. Using GET makes it visible through the URL and is never advisable. Quote Link to comment Share on other sites More sharing options...
mark103 Posted March 8, 2012 Author Share Posted March 8, 2012 Thanks, I have added them in my source code, but when I run the debug i can see no difference than what I had. I keep getting the "you can now store". Any idea? Quote Link to comment Share on other sites More sharing options...
cpd Posted March 8, 2012 Share Posted March 8, 2012 Try doing the following just after the line containing "mysql_query" echo mysql_num_rows($result); die; This will confirm rows are being returned. If they are we can progress from there. Quote Link to comment Share on other sites More sharing options...
cpd Posted March 8, 2012 Share Posted March 8, 2012 Just to confirm as well you did change the $row variable in the if statement to $row_count? The code should look as follows: $result=mysql_query($qry) or die('Error:<br />' . $qry . '<br />' . mysql_error()); $row=mysql_fetch_assoc($result); $row_count = mysql_num_rows($result); if ($row_count >= 1) { echo 'you cant store.'; } else { echo 'you can now store'; } Quote Link to comment Share on other sites More sharing options...
Psycho Posted March 9, 2012 Share Posted March 9, 2012 No need to do a comparison such as "$row_count >= 1". A more logical approach, IMHO $query = "SELECT COUNT(*) FROM members WHERE username='$username'"; $result = mysql_query($query) or die("Error:<br />{$query}<br />" . mysql_error()); $username_exists = mysql_result($result, 0); if($username_exists) { echo 'you cant store.'; } else { echo 'you can now store'; } Quote Link to comment Share on other sites More sharing options...
cpd Posted March 9, 2012 Share Posted March 9, 2012 Both methods are satisfactory and in this instance would consume a similar amount of resources. Either or in my opinion: neither are wrong. I just noticed there's also no need what so ever to use a variable in both suggestions. This would leave you with $query = "SELECT COUNT(*) FROM members WHERE username='$username'"; $result = mysql_query($query) or die("Error:<br />{$query}<br />" . mysql_error()); if(mysql_result($result, 0)) { echo 'you cant store.'; } else { echo 'you can now store'; } // ---------------------------- // OR THE FOLLOWING // ----------------------------- $query = "SELECT * FROM members WHERE username='$username'"; $result = mysql_query($query) or die("Error:<br />{$query}<br />" . mysql_error()); if(mysql_num_rows($result) >= 1) { echo 'you cant store.'; } else { echo 'you can now store'; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.