savagenoob Posted January 16, 2009 Share Posted January 16, 2009 I am creating a timeclock system and want to check to make sure they are not clocking in when they are already clocked in... how do i lookup status of the employee before inserting on this: <?php $employee = $_SESSION['SESS_MEMBER_ID']; $inout = $_POST['punch']; $query = "INSERT INTO timeclock SET Employee='$employee', InOut='$inout'"; $result = mysql_query($query); echo mysql_error(); echo $query; mysql_free_result($result); ?> Quote Link to comment Share on other sites More sharing options...
corbin Posted January 16, 2009 Share Posted January 16, 2009 SELECT InOut from timeclock WHERE Employee = 'Blah'; Then check InOut. You should be sanitizing input by the way (assuming you didn't just omit that from the post). SQL injection = evil. Quote Link to comment Share on other sites More sharing options...
savagenoob Posted January 16, 2009 Author Share Posted January 16, 2009 Yeah, I am getting it to work first but 'punch' doesnt come from user text, just a menu that says out, in, lunch, break and submit. Ok, I tried this: <?php $employee = $_SESSION['SESS_MEMBER_ID']; $inout = $_POST['punch']; $fquery = "SELECT clock, Time FROM timeclock WHERE employee = '$employee' ORDER BY ID DESC LIMIT 1"; $fresult = mysql_query($fquery); if ($fresult[0] != $inout) { $query = "INSERT INTO timeclock SET Employee='$employee', clock='$inout'"; $result = mysql_query($query); echo mysql_error(); echo "<meta http-equiv=refresh content=\"0; URL=time.php\">"; mysql_free_result($result); } else { echo "You selected same status..."; } ?> But it still lets you submit 'In' if your already clocked in... Im such a noob. Quote Link to comment Share on other sites More sharing options...
corbin Posted January 16, 2009 Share Posted January 16, 2009 It still comes from the client. Know how hard HTML is to change? I can do it in Firefox with Firebug without even saving the page ;p. $fresult = mysql_query($fquery); if ($fresult[0] != $inout) { $fresult would be a resource, not an array. You would want to pull the data from the resource, with a function like mysql_fetch_row or mysql_fetch_assoc. (In this situation, mysql_result might actually be faster.) Anyway, you would want to do: $fresultq = mysql_query($fquery); $fresult = mysql_fetch_row($fresultq); Quote Link to comment Share on other sites More sharing options...
savagenoob Posted January 16, 2009 Author Share Posted January 16, 2009 Damn I forgot that part. Thank you very much. My name aint savagenoob for nothin' And cant forget this $inout = mysql_escape_string($_POST['punch']); Quote Link to comment Share on other sites More sharing options...
corbin Posted January 16, 2009 Share Posted January 16, 2009 No prob ;p. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.