INSERT IF ELSE UPDATE

JKershner · June 21, 2011

I've attempted everything that sounds logical to me on an if/then statement but none seems to work for me, can someone find a noobs error and help me out?

$qry="SELECT * FROM table where login=$login AND legion=$legion";
$result=mysql_query($qry);


   if($result) {
      if(mysql_num_rows($result) == 1) {
         $sql="UPDATE INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
         exit();
      }else {
         $sql="INSERT INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
         exit();
      }
   }else {
      die("Query failed");
   }

Thanks in advance

MOD EDIT: code tags added

cyberRobot · June 21, 2011

When running the script, what happens? If you're getting errors, what are they? If the script appears to execute with no errors, you should looking to adding some debugging code so that way you'll know which part of the code was executed before quitting. For example:

<?php
...

     if(mysql_num_rows($result) == 1) {
         $sql="UPDATE INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

         echo $sql;  //DEBUG CODE - remove before going live

         exit();
      }else {
         $sql="INSERT INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

         echo $sql;  //DEBUG CODE - remove before going live

         exit();
      }

...
?>

Note that UPDATE statement shouldn't have the INTO keyword.

$sql="UPDATE table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

JKershner · June 21, 2011

The only error I'm getting is "Query Failed", I'll try and add the debugging, is there a way that it can show me the steps its taking from the sql select?

cyberRobot · June 21, 2011

To see if there were any MySQL errors using mysql_error():

http://php.net/manual/en/function.mysql-error.php

You could try:

<?php

  }else {
      echo mysql_error();

      die("Query failed");
   }

?>

You could also try displaying the original query to see if the variables are being included as expected:

<?php

$qry="SELECT * FROM table where login=$login AND legion=$legion";

echo $qry;

$result=mysql_query($qry);

?>

JKershner · June 21, 2011

Here is the error code I'm getting:

Resource id #4INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('JKer', '3rd Legion', '45', '48', '15364', '165', '168', '134', '16', '18', '16', '16', '164', '15', '164', '16', '164', '16', '16', '168', '16', '168', '168', '1684', '16', '168')

My logic is:

$qry="SELECT * FROM troop WHERE login='{$_SESSION['SESS_LOGIN_NAME']}' AND legion='{$_SESSION['SESS_LEGION_NAME']}'";
   $result=mysql_query($qry);
   echo $result;
   
      if($result) {
      if(mysql_num_rows($result) == 1) {
      $sql="UPDATE troop (rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES ('$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
      echo $sql;
      exit();
      } else {
      $sql = "INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('{$_SESSION['SESS_LOGIN_NAME']}', '{$_SESSION['SESS_LEGION_NAME']}', '$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
      echo $sql;
      exit(); }
      } else {
      die("Query Failed");
      }

MOD EDIT: code tags added

JKershner · June 21, 2011

OK, I appreciate the help...I was able to figure out my error as I had an extra "else" and misplaced.

mikosiko · June 21, 2011

did you test all your code?

an UPDATE like the one that you have posted shouldn't work

      $sql="UPDATE troop (rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES ('$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";

here is the right syntaxes for UPDATES

also... you should sanitize/cast/validate your $_POST[] variables before to use them directly in your queries.

JKershner · June 21, 2011

the correct code that I got to work is:

$qry="SELECT * FROM troop WHERE login='{$_SESSION['SESS_LOGIN_NAME']}' AND legion='{$_SESSION['SESS_LEGION_NAME']}'";
$result=mysql_query($qry);

if(mysql_num_rows($result) > 0) {
$qry = "UPDATE troop SET rookie_gun = '$rg', rookie_flak = '$rf', rookie_anti = '$ra', vet_gun = '$vg', vet_flak = '$vf', vet_anti = '$va', elite_gun = '$eg', elite_flak = '$ef', elite_anti = '$ea', rookie_tank = '$rta', rookie_truck = '$rtr', rookie_cannon = '$rc', vet_tank = '$vta', vet_truck = '$vtr', vet_cannon = '$vc', elite_tank = '$eta', elite_truck = '$etr', elite_cannon = '$ec', rookie_fighter = '$rf', rookie_bomber = '$rb', vet_fighter = '$vf', vet_bomber = '$vb', elite_fighter = '$ef', elite_bomber = '$eb' WHERE login = '{$_SESSION['SESS_LOGIN_NAME']}'";
$result = @mysql_query($qry);
echo ("Your troops Have been successfully Updated");
} else {
$qry = "INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('{$_SESSION['SESS_LOGIN_NAME']}', '{$_SESSION['SESS_LEGION_NAME']}', '$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
$result = @mysql_query($qry);
echo ("Your Troop counts have been logged, please Make sure to keep your records up to date"};

mikosiko · June 21, 2011

good... at least you fixed the UPDATE error that was posted originally... sanitize/cast/validation for your POST values still an issue... and also you should remove those '@' from your code... with those in place you are just hiding possible errors and not controlling them as you should.

In a further optimization of your code you could look into the INSERT... ON DUPLICATE KEY UPDATE syntax

cyberRobot · June 21, 2011

Note that you can use the SET keyword in your INSERT statement also. In my opinion it makes the queries easier to manage.

$qry = "INSERT INTO troop SET login='{$_SESSION['SESS_LOGIN_NAME']}', ...

As suggested by mikosiko, you should look into sanitizing your POST variables before using them in the queries to prevent MySQL injections. If you're not doing so already, you'll also want run the information through mysql_real_escape_string():

http://php.net/manual/en/function.mysql-real-escape-string.php

JKershner · June 21, 2011

Thank you, I'll make the changes and "cleaning" them now. I'm still very new to this and teaching myself as I go along, can you explain the escape string in lamen terms, what does it accomplish? Sorry if I sound like a noob

cyberRobot · June 21, 2011

This might help explain MySQL injection attacks:

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

Sign In

INSERT IF ELSE UPDATE

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information