INSERT IF ELSE UPDATE

[JKershner]

I've attempted everything that sounds logical to me on an if/then statement but none seems to work for me, can someone find a noobs error and help me out?

$qry="SELECT * FROM table where login=$login AND legion=$legion";
$result=mysql_query($qry);


   if($result) {
      if(mysql_num_rows($result) == 1) {
         $sql="UPDATE INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
         exit();
      }else {
         $sql="INSERT INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
         exit();
      }
   }else {
      die("Query failed");
   }

Thanks in advance

 

MOD EDIT: code tags added

[cyberRobot]

When running the script, what happens? If you're getting errors, what are they? If the script appears to execute with no errors, you should looking to adding some debugging code so that way you'll know which part of the code was executed before quitting. For example:

 

<?php
...

     if(mysql_num_rows($result) == 1) {
         $sql="UPDATE INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

         echo $sql;  //DEBUG CODE - remove before going live

         exit();
      }else {
         $sql="INSERT INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

         echo $sql;  //DEBUG CODE - remove before going live

         exit();
      }

...
?>

 

 

 

Note that UPDATE statement shouldn't have the INTO keyword.

 

$sql="UPDATE table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";

[JKershner]

The only error I'm getting is "Query Failed", I'll try and add the debugging, is there a way that it can show me the steps its taking from the sql select?

[cyberRobot]

To see if there were any MySQL errors using mysql_error():

http://php.net/manual/en/function.mysql-error.php

 

You could try:

 

<?php

  }else {
      echo mysql_error();

      die("Query failed");
   }

?>

 

 

You could also try displaying the original query to see if the variables are being included as expected:

 

<?php

$qry="SELECT * FROM table where login=$login AND legion=$legion";

echo $qry;

$result=mysql_query($qry);

?>

[JKershner]

Here is the error code I'm getting:

Resource id #4INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('JKer', '3rd Legion', '45', '48', '15364', '165', '168', '134', '16', '18', '16', '16', '164', '15', '164', '16', '164', '16', '16', '168', '16', '168', '168', '1684', '16', '168')

 

My logic is:

$qry="SELECT * FROM troop WHERE login='{$_SESSION['SESS_LOGIN_NAME']}' AND legion='{$_SESSION['SESS_LEGION_NAME']}'";
   $result=mysql_query($qry);
   echo $result;
   
      if($result) {
      if(mysql_num_rows($result) == 1) {
      $sql="UPDATE troop (rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES ('$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
      echo $sql;
      exit();
      } else {
      $sql = "INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('{$_SESSION['SESS_LOGIN_NAME']}', '{$_SESSION['SESS_LEGION_NAME']}', '$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
      echo $sql;
      exit(); }
      } else {
      die("Query Failed");
      }

 

MOD EDIT: code tags added

[JKershner]

OK, I appreciate the help...I was able to figure out my error as I had an extra "else" and misplaced.

[mikosiko]

did you test all your code?

 

an UPDATE like the one that you have posted shouldn't work

      $sql="UPDATE troop (rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES ('$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";

 

here is the right syntaxes for UPDATES

 

also... you should sanitize/cast/validate your $_POST[] variables before to use them directly in your queries.

[JKershner]

the correct code that I got to work is:

 

$qry="SELECT * FROM troop WHERE login='{$_SESSION['SESS_LOGIN_NAME']}' AND legion='{$_SESSION['SESS_LEGION_NAME']}'";
$result=mysql_query($qry);

if(mysql_num_rows($result) > 0) {
$qry = "UPDATE troop SET rookie_gun = '$rg', rookie_flak = '$rf', rookie_anti = '$ra', vet_gun = '$vg', vet_flak = '$vf', vet_anti = '$va', elite_gun = '$eg', elite_flak = '$ef', elite_anti = '$ea', rookie_tank = '$rta', rookie_truck = '$rtr', rookie_cannon = '$rc', vet_tank = '$vta', vet_truck = '$vtr', vet_cannon = '$vc', elite_tank = '$eta', elite_truck = '$etr', elite_cannon = '$ec', rookie_fighter = '$rf', rookie_bomber = '$rb', vet_fighter = '$vf', vet_bomber = '$vb', elite_fighter = '$ef', elite_bomber = '$eb' WHERE login = '{$_SESSION['SESS_LOGIN_NAME']}'";
$result = @mysql_query($qry);
echo ("Your troops Have been successfully Updated");
} else {
$qry = "INSERT INTO troop(login, legion, rookie_gun, rookie_flak, rookie_anti, vet_gun, vet_flak, vet_anti, elite_gun, elite_flak, elite_anti, rookie_tank, rookie_truck, rookie_cannon, vet_tank, vet_truck, vet_cannon, elite_tank, elite_truck, elite_cannon, rookie_fighter, rookie_bomber, vet_fighter, vet_bomber, elite_fighter, elite_bomber) VALUES('{$_SESSION['SESS_LOGIN_NAME']}', '{$_SESSION['SESS_LEGION_NAME']}', '$_POST[rookie_gun]', '$_POST[rookie_flak]', '$_POST[rookie_anti]', '$_POST[vet_gun]', '$_POST[vet_flak]', '$_POST[vet_anti]', '$_POST[elite_gun]', '$_POST[elite_flak]', '$_POST[elite_anti]', '$_POST[rookie_tank]', '$_POST[rookie_truck]', '$_POST[rookie_cannon]', '$_POST[vet_tank]', '$_POST[vet_truck]', '$_POST[vet_cannon]', '$_POST[elite_tank]', '$_POST[elite_truck]', '$_POST[elite_cannon]', '$_POST[rookie_fighter]', '$_POST[rookie_bomber]', '$_POST[vet_fighter]', '$_POST[vet_bomber]', '$_POST[elite_fighter]', '$_POST[elite_bomber]')";
$result = @mysql_query($qry);
echo ("Your Troop counts have been logged, please Make sure to keep your records up to date"};

[mikosiko]

good... at least you fixed the UPDATE error that was posted originally...  sanitize/cast/validation for your POST values still an issue... and also you should remove those '@' from your code... with those in place you are just hiding possible errors and not controlling them as you should.

 

In a further optimization of your code you could look into the INSERT... ON DUPLICATE KEY UPDATE syntax

[cyberRobot]

Note that you can use the SET keyword in your INSERT statement also. In my opinion it makes the queries easier to manage.

 

$qry = "INSERT INTO troop SET login='{$_SESSION['SESS_LOGIN_NAME']}', ...

 

 

As suggested by mikosiko, you should look into sanitizing your POST variables before using them in the queries to prevent MySQL injections. If you're not doing so already, you'll also want run the information through mysql_real_escape_string():

http://php.net/manual/en/function.mysql-real-escape-string.php

[JKershner]

Thank you, I'll make the changes and "cleaning" them now.  I'm still very new to this and teaching myself as I go along, can you explain the escape string in lamen terms, what does it accomplish?  Sorry if I sound like a noob

[cyberRobot]

This might help explain MySQL injection attacks:

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php