web_master Posted May 31, 2009 Share Posted May 31, 2009 Hi, I put into database: <?php $Query = mysql_query('INSERT INTO `request` ( `request_year`, `request_month`, `request_day`, `request_date`, `request_ip`, `request_tel`, `request_txt`, `request_artist`, `request_title`, `request_datetime`, `request_ipp` ) VALUES ( "'.$_POST['request_year'].'", "'.$_POST['request_month'].'", "'.$_POST['request_day'].'", "'.$_POST['request_year'].$_POST['request_month'].$_POST['request_day'].'", "'.$_POST['request_ip'].'", "'.$_POST['request_tel'].'", "'.$NoPregText.'", "'.$_POST['request_artist'].'", "'.$_POST['request_title'].'", "'.date('Y-m-d H:i:s').'", "'.getenv('REMOTE_ADDR').'" )'); ?> But! Before put the data into database I want to check is there in database same phonenumber 3 times (`request_tel`)? How can I check this? (if in database same phonenumber more than 3 times the data can't be put into dbase) thanx Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted May 31, 2009 Share Posted May 31, 2009 1. SQL Injection. Read up on it. 2. Use a SELECT statement to check if the phone number is in there 3 times. Quote Link to comment Share on other sites More sharing options...
papaface Posted May 31, 2009 Share Posted May 31, 2009 Probably a better way to do this, but just do: $count = mysql_query("SELECT `request_tel` FROM `request` WHERE `request_tel`='".$_POST['request_tel']."' "); if (mysql_num_rows($count) <= 3) { $Query = mysql_query('INSERT INTO `request` ( `request_year`, `request_month`, `request_day`, `request_date`, `request_ip`, `request_tel`, `request_txt`, `request_artist`, `request_title`, `request_datetime`, `request_ipp` ) VALUES ( "'.$_POST['request_year'].'", "'.$_POST['request_month'].'", "'.$_POST['request_day'].'", "'.$_POST['request_year'].$_POST['request_month'].$_POST['request_day'].'", "'.$_POST['request_ip'].'", "'.$_POST['request_tel'].'", "'.$NoPregText.'", "'.$_POST['request_artist'].'", "'.$_POST['request_title'].'", "'.date('Y-m-d H:i:s').'", "'.getenv('REMOTE_ADDR').'" )'); if ($Query) { //inserted correctly } else { //issue inserting } } else { //3 or more with the same tel in db } Quote Link to comment Share on other sites More sharing options...
anupamsaha Posted May 31, 2009 Share Posted May 31, 2009 Hi, I put into database: <?php $Query = mysql_query('INSERT INTO `request` ( `request_year`, `request_month`, `request_day`, `request_date`, `request_ip`, `request_tel`, `request_txt`, `request_artist`, `request_title`, `request_datetime`, `request_ipp` ) VALUES ( "'.$_POST['request_year'].'", "'.$_POST['request_month'].'", "'.$_POST['request_day'].'", "'.$_POST['request_year'].$_POST['request_month'].$_POST['request_day'].'", "'.$_POST['request_ip'].'", "'.$_POST['request_tel'].'", "'.$NoPregText.'", "'.$_POST['request_artist'].'", "'.$_POST['request_title'].'", "'.date('Y-m-d H:i:s').'", "'.getenv('REMOTE_ADDR').'" )'); ?> But! Before put the data into database I want to check is there in database same phonenumber 3 times (`request_tel`)? How can I check this? (if in database same phonenumber more than 3 times the data can't be put into dbase) thanx Try this: <?php $sql = "SELECT COUNT(*) AS `phone_count` FROM `request` WHERE `request_tel` = '" . $_POST['request_tel'] . "'"; $rs = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($rs); mysql_free_result($rs); if ( $row['phone_count'] >= 3 ) { echo 'Phone number <strong>' . $_POST['request_tel'] . '</strong> entered more then 3 times.'; } ?> Put this code above the INSERT SQL statement and do the required checks in it. Hope this will help. Quote Link to comment Share on other sites More sharing options...
monkeytooth Posted May 31, 2009 Share Posted May 31, 2009 For starters I would suggest removing $_POST vars and $_GET vars from your SQL entry, thats just askin for issues later in a number of ways.. take all your POST and GET vars and change them into normal vars.. $tele = $_POST['request_tel']; for example. The one reason I say this is cause you can start filtering everything that's being posted through your form and make sure its not malicious coding that's attempting to be passed through, make sure its not something that's going to break your script like a double quote and so on. Mostly the malicious code i would worry about more then anything. As anyone with a little knolledge whos bored enough or doesnt like you can just wipe out your database as if it were never there.. google "mysql injection" youll see what I mean.. as for your original question how do you check to see if its in there already.. Check your database.. do a row count looking specificly for that value if it comes up one or more times its already in there. if it comes up null or 0 then insert.. Ill be happy to help you a little more should you need it. Quote Link to comment Share on other sites More sharing options...
web_master Posted May 31, 2009 Author Share Posted May 31, 2009 Try this: <?php $sql = "SELECT COUNT(*) AS `phone_count` FROM `request` WHERE `request_tel` = '" . $_POST['request_tel'] . "'"; $rs = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($rs); mysql_free_result($rs); if ( $row['phone_count'] >= 3 ) { echo 'Phone number <strong>' . $_POST['request_tel'] . '</strong> entered more then 3 times.'; } ?> Put this code above the INSERT SQL statement and do the required checks in it. Hope this will help. ITS WORK, THANKX PEOPLE!!! GREAT Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.