Onloac Posted June 14, 2009 Share Posted June 14, 2009 I'm not sure what I'm doing wrong, but what I'm trying to do is check to see if if a row with X id already exsists within a table. I'm using the below code and it doesn't seem to be working. It shows whats in the else statement regardless if the item exsists or not. What am I doing wrong? $cid = $_GET["cid"]; if (mysql_fetch_row($db->query("SELECT * FROM articles_category WHERE cid='$cid'"))) { echo "Category does exsists"; ) else { echo "No Category with that ID exsists"; } Quote Link to comment Share on other sites More sharing options...
joel24 Posted June 14, 2009 Share Posted June 14, 2009 replace mysql_fetch_row with mysql_num_rows...? Quote Link to comment Share on other sites More sharing options...
Onloac Posted June 14, 2009 Author Share Posted June 14, 2009 Humm... I suppose I could use mysql_num_rows, but is that the more efficient way of doing it? Quote Link to comment Share on other sites More sharing options...
pkedpker Posted June 14, 2009 Share Posted June 14, 2009 I'd like of by saying that a serious security flaw right there lol sql injection easily done with that. Secondly whats $db->query? shouldnt it be like $result = mysql_query("SELECT * FROM articles_category WHERE cid='$cid'", $link); if (mysql_fetch_row($result)) { echo "Category does exsists"; ) else { echo "No Category with that ID exsists"; } I dont think you could 1 line it. replace mysql_fetch_row with mysql_num_rows...? yes joel24 is correct num_rows is better then fetch_row if you want to do checks without accessing to much mysql data Quote Link to comment Share on other sites More sharing options...
Onloac Posted June 14, 2009 Author Share Posted June 14, 2009 Please note I'm not using this code, I used it as an example to get my problem solved. $db->query works exactly like mysql_query() for me as its a function and works correctly and is not causing any problems. I've revised the code to: $re = $db->query("SELECT * FROM articles_category WHERE cid='$cid'"); if (mysql_num_rows($re)) { echo "Category does exsists"; } else { echo "No Category with that ID exsists"; } This doesn't seem to be working either. It's still outputting the else statement even if the row is there. What am I doing wrong? BY THE WAY, i use mysql_escape_string ()... is that not enough to protect me from SQL injection? They can do it through the $cid correct? Quote Link to comment Share on other sites More sharing options...
joel24 Posted June 14, 2009 Share Posted June 14, 2009 can you copy / paste your complete code? everything there looks fine, your SQL statement isn't retrieving any rows... before the line $re = $db->query( etc etc put in echo $cid; exit(); and see what it echos... if the echo $cid; is echoing the ID as it should be, try change $re = $db->query("SELECT * FROM articles_category WHERE cid='$cid'"); to $re = $db->query("SELECT * FROM articles_category"); and execute the code (without the echo $cid; exit(); lines) and it should say "category does exist".. unless there are no rows in your articles_category table Quote Link to comment Share on other sites More sharing options...
Onloac Posted June 14, 2009 Author Share Posted June 14, 2009 Hold on I may have figured out whats going on. Let me play around with it a bit and get back to you. Thanks to both of you for your help! Quote Link to comment Share on other sites More sharing options...
joel24 Posted June 14, 2009 Share Posted June 14, 2009 try this. if it doesn't work try changing $result = $db->query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error()); to $result = mysql_query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error()); <?php require 'global_header.php'; $cid = mysql_escape_string ($_GET["cid"]); $result = $db->query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error()); if (!mysql_num_rows($result)) { echo "No Category with that ID exsists"; } else { $row = $db->fetch_array($result); ?> <form action="?mod=edit&cid=<?PHP echo $cid; ?>" method="post"> <table id="tablestyle"> <tr><td colspan="2" height="23" background="navbg.gif" class="nav" align="center"><b>Editing Category Details:</b></td> <tr><td bgcolor="#E6E6E6">Category ID:</td><td bgcolor="#E6E6E6"><input type="text" name="upcid" size="30" value="<?PHP echo $row['cid']; ?>"></td></tr> <tr><td bgcolor="#E6E6E6">Category Name:</td><td bgcolor="#E6E6E6"><input type="text" name="upcat" size="30" value="<?PHP echo $row['category']; ?>"></td></tr> <tr><td colspan="2" align="center" bgcolor="#E6E6E6"><input type="submit" value="Submit"></td></tr> <tr><td colspan="2" height="23" background="navbg.gif"></td></tr></table> <?php } //end if num rows require 'global_footer.php'; ?> Quote Link to comment Share on other sites More sharing options...
Onloac Posted June 14, 2009 Author Share Posted June 14, 2009 Problem has been solved! Thanks for all your help, you made me notice a couple things I did wrong. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.