Kularian Posted February 2, 2007 Share Posted February 2, 2007 Okay, here's my issue. I'm trying to make a set of two forms that do slightly different things. The first works fine. It accepts information about a company and stores it in a MySQL database. No worries there. The other database is set up to (theoretically) accept a company name (to reference it to the first database), an image, and some other information. When I submit the form, (which I'll show below), I'd like for the form to check and see if there is a company name that matches the one entered. If not, it won't add the data to the database. If so, it will add it. However, it seems that I'm doing something wrong with the comparison...here's what I have: The Form: <form action="aResults.php" method="POST" enctype="multipart/form-data"> <?="Company Name:"?> <input type="text" name="cName"> <br><br><br> <?="Ad Image:"?> <input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" class="box" id="userfile"> <br><br><br> <?="Text to be displayed under Ad:"?> <textarea cols="50" rows="4" name="txt"></textarea> <br><br><br> <input type="submit" value="Submit"> </form> It's done a little redundantly, I know. But I'm new to this php/html thing, so I'm still trying to get the hang of it. There is more to that particular file, but I don't think it has any bearing on my issue. If you'd like to see the rest of it, let me know. Now, here's the php file that accepts the form data and works with the database: <?php $db = mysql_connect(localhost, ancienth_click, click); mysql_select_db(ancienth_click,$db); $month = date('m'); $result = mysql_query("SELECT * FROM company WHERE cName = '$cName'", $db) or die("failed"); if ($result) { $sql = "INSERT INTO ad (cName, content, txt, mnth) VALUES ('$cName', '$content', '$txt', '$month')" or die(mysql_error()); print "Ad information added successfully."; } else { print "No matching company found in database. Please check spelling and try again."; } ?> <br><br><br> <html> <body> <a href="link">Click here to go back to the main page.</a> </body> </html> So, what I'd like it to do it test to see if there are any rows within the SQL db with the same name as the one which was entered. However, it fails each time. I'm not sure exactly what I'm doing incorrect. To me, it makes sense. Also, the cName in the db is a VarChar data type, if that makes any difference. Thank you for your assistance. Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/ Share on other sites More sharing options...
KrisNz Posted February 2, 2007 Share Posted February 2, 2007 change "SELECT * FROM company WHERE cName = $cName", to "SELECT * FROM company WHERE cName = '$cName'", since your searching for a string. Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175737 Share on other sites More sharing options...
Kularian Posted February 2, 2007 Author Share Posted February 2, 2007 Okay, it's no longer giving an error. That fixed that. But it now returns true no matter if I have that company name in the other DB or not... Thanks for that fix, I figured it was something easy like that. Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175739 Share on other sites More sharing options...
trq Posted February 2, 2007 Share Posted February 2, 2007 $result = mysql_query("SELECT * FROM company WHERE cName = '$cName'", $db) or die("failed"); if ($result) { if (mysql_num_rows($result)) { // ps; this next line doesn't execute the query if thats what you expect. $sql = "INSERT INTO ad (cName, content, txt, mnth) VALUES ('$cName', '$content', '$txt', '$month')" or die(mysql_error()); print "Ad information added successfully."; } else { print "No matching company found in database. Please check spelling and try again."; } } Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175741 Share on other sites More sharing options...
effigy Posted February 2, 2007 Share Posted February 2, 2007 Don't forget to sanitize the user input with mysql_real_escape_string. Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175743 Share on other sites More sharing options...
Kularian Posted February 2, 2007 Author Share Posted February 2, 2007 All right, I'll give that a try... // ps; this next line doesn't execute the query if thats what you expect. What do you mean by that? Is there an error in there somewhere? It seems to insert the data fine as far as I can tell...usually. After changing code: Ah ha, it works. Thank you very much! Re: mysql_real_escape_string - Hm, I didn't know about that. I'll stick that in there as well. Thanks! Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175746 Share on other sites More sharing options...
Kularian Posted February 2, 2007 Author Share Posted February 2, 2007 Ah, I see what you meant. I missed a line in that results page. All fixed. Thanks to everyone for the help! Link to comment https://forums.phpfreaks.com/topic/36835-solved-mysql-question/#findComment-175764 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.