zed420 Posted October 31, 2008 Share Posted October 31, 2008 Hi All Can someone please help me with this code, there are two MySQL tables ‘user_tb’ and ‘job_tb’ id is the primary key in user_tb and user_id is the foreign key in job_tb. A user populates the user_id by form as his Acc no. All I’m trying to do is to prevent him inserting the wrong Acc no (user_id) if he does an error message pop up. With code below I’m getting error message both times whether he inserts Right or Wrong Acc no. there are no other errors, I have also echo the id from user it bring out the right one for the current session user. Some help will be greatly appreciated. if (isset($_POST['user_id'])) { $user_id= mysql_real_escape_string($_POST['user_id']); $query = "SELECT id FROM user WHERE id ='$user_id'"; $result = mysql_query($query)or die(mysql_error()); // If the user was found, if (mysql_num_rows($result) < 1) { error_message("Your Account number was NOT found in our database!"); }else{ if ($name = $_SESSION['name']){ $query = "SELECT id FROM user WHERE username = '$name'"; $result = mysql_query($query) or die ("Couldn't execute query for collecting your data."); if (mysql_num_rows($result) != 'user_id') { error_message("Sorry your inserted Account no. Does Not match with your username"); }else{ Query= INSERT ..... } } } } Thanks Zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/ Share on other sites More sharing options...
samshel Posted October 31, 2008 Share Posted October 31, 2008 if (mysql_num_rows($result) != 'user_id') { u r comparing integer with string...i think u need this. $query = "SELECT id FROM user WHERE username = '$name' and id = '$user_id'"; $result = mysql_query($query) or die ("Couldn't execute query for collecting your data."); if (mysql_num_rows($result) < 1) { error_message("Sorry your inserted Account no. Does Not match with your username"); }else{ Query= INSERT ..... Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679245 Share on other sites More sharing options...
zed420 Posted October 31, 2008 Author Share Posted October 31, 2008 Thanks for your reply but no this one doesn't give out any error messages at all even with wrong Acc no. Thanks Zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679253 Share on other sites More sharing options...
samshel Posted October 31, 2008 Share Posted October 31, 2008 $query = "SELECT id FROM user WHERE username = '$name' and id = '$user_id'"; echo $query; $result = mysql_query($query) echo the query and check the values that are going in there... Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679257 Share on other sites More sharing options...
zed420 Posted October 31, 2008 Author Share Posted October 31, 2008 Yes its echoing the right values. Right id for each user. Its matter of comparing id with user_id and if they don't match pop out the error msg. Zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679300 Share on other sites More sharing options...
samshel Posted October 31, 2008 Share Posted October 31, 2008 you mean you are entering the wrong user id and still it is giving you no error ? Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679306 Share on other sites More sharing options...
zed420 Posted October 31, 2008 Author Share Posted October 31, 2008 Yes even if you insert wrong user_id. Zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679319 Share on other sites More sharing options...
zed420 Posted October 31, 2008 Author Share Posted October 31, 2008 Any suggestions ??? Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679482 Share on other sites More sharing options...
zed420 Posted November 1, 2008 Author Share Posted November 1, 2008 Anyone any suggestions please. ??? zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679956 Share on other sites More sharing options...
marcus Posted November 1, 2008 Share Posted November 1, 2008 Your code is confusing from the get-go <?php if (isset($_POST['user_id'])) { $user_id = mysql_real_escape_string($_POST['user_id']); $query = "SELECT id FROM user WHERE id ='" . $user_id . "'"; $result = mysql_query($query) or die(mysql_error()); // If the user was found, if (mysql_num_rows($result) < 1) { error_message("Your Account number was NOT found in our database!"); } else { $row = mysql_fetch_assoc($res); if ($row['name'] == $_SESSION['name']) { $query2 = "SELECT * FROM user WHERE username = '" . $row['name'] . "'"; $result2 = mysql_query($query2) or die("Couldn't execute query for collecting your data."); $row2 = mysql_fetch_assoc($result2); if ($row2['id'] != $user_id) { error_message("Sorry your inserted Account number does not match with your username"); } else { #Query = INSERT . . . . . } } } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679959 Share on other sites More sharing options...
zed420 Posted November 1, 2008 Author Share Posted November 1, 2008 Hi First Query validates if there is a 'id' in user table else error the Second one I'm trying to validate and failing baddly if the user is inserting his own 'id' if not error msg. Thanks Zed Quote Link to comment https://forums.phpfreaks.com/topic/130867-need-help-with-code/#findComment-679973 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.