TRemmie Posted May 5, 2009 Share Posted May 5, 2009 So I am running this PHP Code with a Flash Information Submit form, and I am trying to have it when the user submits information already present on the SQL database, to echo back into Flash "information you submitted already exists." and when it works, to echo back "Your information has been added." I have it echoing but no matter if the information exists, or doesn't, it always echos "information you submitted already exists." I have attached the code I use to write the stuff to my Database. Please forgive me as I am very new to working with databases. I am more of a webdesigner then developer so I am still learning. <?php $con = mysql_connect("address.com","loginname","password"); if (!$con){ die(); } mysql_select_db("databasename", $con); $sql="INSERT INTO databasename(name, email, pracname, pracnumber, city, ip) VALUES ('$_POST[name]','$_POST[email]','$_POST[practicename]','$_POST[practelephone]','$_POST[city]','$_SERVER[REMOTE_ADDR]')"; if (!mysql_query($sql,$con)) { echo "content= The information you submitted already exists."; die(); }else{ echo "content= Your information has been added." } mysql_close($con); ?> Link to comment https://forums.phpfreaks.com/topic/156870-need-help-echoing-out-to-flash-depending-on-mysql-database/ Share on other sites More sharing options...
Ken2k7 Posted May 5, 2009 Share Posted May 5, 2009 WOW, SQL injection! Can I get a link? Um, first, $_POST[name] should be $_POST['name'] if I'm not mistaken. Same for the other $_POST vars. You probably want to store them in a variable to save yourself the trouble with escaping those quotes. Also, INSERT doesn't check if the data exists. It doesn't care if you have multiple entries. You'll want a SELECT statement before the INSERT to check for that. Link to comment https://forums.phpfreaks.com/topic/156870-need-help-echoing-out-to-flash-depending-on-mysql-database/#findComment-826346 Share on other sites More sharing options...
garethhall Posted May 5, 2009 Share Posted May 5, 2009 Hi I hope this helps <?php if (!mysql_query($sql,$con)) { echo "content= The information you submitted already exists."; die(); }else{ echo "content= Your information has been added." } ?> Revering to the code above will only return a 1 or 0 meaning mysql_query is true or false respectively. Now the above might work depending on how your database is setup ie primary keys and unique key. So my approach would be is to first check if the data exists and if it doesn't then insert it. Try this <?php // connect to db $con = mysql_connect("address.com","loginname","password"); // select db mysql_select_db("databasename", $con) or die(mysql_error()); //setup variables $name =$_POST['name']; $email = $_POST['email']; // sql to search db $srchSQL = "SELECT * FROM databasename WHERE databasename.name = '$name' AND databasename.email ='$email'"; $recordSrch = mysql_query($srchSQL, $con); $rowSrch = mysql_fetch_assoc($recordSrch); //check if data exists if($rowSrch < 1){ echo "data exists" }else{ $insertSql="INSERT INTO databasename(name, email, pracname, pracnumber, city, ip) VALUES ('$_POST[name]','$_POST[email]','$_POST[practicename]','$_POST[practelephone]','$_POST[city]','$_SERVER[REMOTE_ADDR]')"; $insert = mysql_query() or die(mysql_error()); if($insert == true){ echo "data inserted"; }else{ echo "error inserting data" }; }; ?> There might be a couple of small errors in my script as it is untested. One thing that this script is need is some sql injection projection. Link to comment https://forums.phpfreaks.com/topic/156870-need-help-echoing-out-to-flash-depending-on-mysql-database/#findComment-826429 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.