IF IT EXISTS


DeCarlo

Hi community, I am creating a simple website and description.

I analyzed my code for about 3 days... 2 hours a day.

If I get the point in my head, then it says Website URL is in use... but it is not. OK, maybe I give the code below.

So if you can explain what's wrong. Thanks.

<?php
include_once ('connect.php');
$url= mysql_real_escape_string($_POST['url']);
$desc=mysql_real_escape_string($_POST['desc']);
if ($id == "krauti")
{
    if (empty($_POST['url']) && empty($_POST['desc']))
    {
        die('<br><center>Both Empty!.</center><br/>');
    }
    if (empty($_POST['url']))
    {
        die('<br><center>URL Empty!.</center>');
    }
    if (empty($_POST['desc']))
    {
        die('<br><center>desc empty fill it!.</center>');
    }

    $url = htmlspecialchars( stripslashes( strip_tags($_POST['url'] ) ) );
    $aprasymas = htmlspecialchars( trim($_POST['desc'] ) );

    $query = mysql_query("SELECT * FROM linkai WHERE url = '$url' AND 'desc' = '$desc'");
    if( mysql_num_rows( $query ) == 1 ) {
        "INSERT INTO linkai ".
        "(id, url, desc) ".
        "VALUES('','$_POST[url]','$_POST[desc]')";
        echo "Yes!.";
    }
    else if (mysql_num_rows($query) == 0 ){
        echo "No!!";
    }
}
?>


Things I see wrong with your code:

1)  You set $url and $desc and never use them.

2)  You use $_POST['url'] and $_POST['desc'] before you check to see if they exist.

3)  You re-set $url and $aprasymas as htmlspecialchars(), but that's wrong for use in a query.  Also, you still don't use them.

4)  Your SELECT is malformed, 'desc' cannot be quoted like that.

5)  You're not running the insert query inside your IF.

6)  This script will echo "Yes!" for each entry of unique description for each URL.  If I use google.com with 8 different descriptions, there will be 8 entries in the DB.  I don't know if you want that.


How about 4 and 6?

Big problem for 6.


Don't bump, it's against the rules.  We're not paid to come here.

4)  Exactly what I said.  You cannot quote column names.  This WHERE clause will always return zero rows, because the string 'desc' will never equal the site's description unless you happened to type 'desc'.

6)  This is a design thing and I don't know how you want your site to work, so ignore it.


I'm saying exactly what sasa already said.  You cannot put single quotes around column names.  There isn't much more I can do to explain that.

WRONG:

WHERE 'columnName' = 'something'

RIGHT:

WHERE columnName = 'something'

You can also put backticks around column names if you named your columns with reserved keywords:

WHERE `desc` = 'something'

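The points raised in the answers above, put together as an added example (it is not code from any poster in this thread). It assumes PDO with an in-memory SQLite database so it runs offline; the table and column names come from the question, and addLink() is a hypothetical helper name.

```php
<?php
// Added example: table and column names come from the thread; addLink() and
// the in-memory SQLite database are assumptions so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE linkai (id INTEGER PRIMARY KEY, url TEXT, `desc` TEXT)');

function addLink(PDO $pdo, array $post): string
{
    // Check that the input exists before using it (point 2 in the answer).
    $url  = trim($post['url'] ?? '');
    $desc = trim($post['desc'] ?? '');
    if ($url === '' || $desc === '') {
        return 'empty';
    }

    // Backticks quote the reserved word desc as a column name; the values
    // travel as bound parameters, so no escaping function is needed.
    $check = $pdo->prepare('SELECT COUNT(*) FROM linkai WHERE url = ? AND `desc` = ?');
    $check->execute([$url, $desc]);
    if ((int) $check->fetchColumn() > 0) {
        return 'exists';
    }

    // The INSERT is prepared and actually executed here (point 5).
    $insert = $pdo->prepare('INSERT INTO linkai (url, `desc`) VALUES (?, ?)');
    $insert->execute([$url, $desc]);
    return 'added';
}

// Constructed sample input, including a value that contains a quote character.
$samples = [
    ['url' => 'http://example.com', 'desc' => "Bob's site"],
    ['url' => 'http://example.com', 'desc' => "Bob's site"],
    ['url' => '', 'desc' => 'no url'],
];
foreach ($samples as $post) {
    echo addLink($pdo, $post), "\n";
}

// The WRONG form from the thread: 'desc' is a string literal, so the query
// compares the text "desc" with the description instead of reading the column.
$wrong = $pdo->prepare("SELECT COUNT(*) FROM linkai WHERE url = ? AND 'desc' = ?");
$wrong->execute(['http://example.com', "Bob's site"]);
echo 'rows matched with quoted column: ', $wrong->fetchColumn(), "\n";

// htmlspecialchars() belongs at output time, not before the query (point 3).
echo htmlspecialchars("Bob's site", ENT_QUOTES, 'UTF-8'), "\n";
```

With a MySQL DSN the two prepared statements stay the same; only the CREATE TABLE line is SQLite-specific.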
