sherm Posted February 14, 2008 Share Posted February 14, 2008 I'm fairly new to php/mysql coding and I have a quick question: I'm making a simple survey system. When the user starts the survey their username is added to my MySQL database. Also, the text "incomplete" is added to another. When the user finishes the survey, "incomplete" is updated to "complete". I have all this working perfectly... However, I cannot figure out how to keep the user from taking the survey again. If their username has "incomplete" as its status, they should be able to retake the survey... but if it's "complete" the survey should echo back an error message. So how do I code it so the script first checks their username and then the completion status in the same row? And if the status is complete, it bounces back an error? Thanks in advance Quote Link to comment Share on other sites More sharing options...
revraz Posted February 14, 2008 Share Posted February 14, 2008 In your SELECT querry, make sure you grab your Status, then compare the results. If it equals Completed, then error out/redirect or do what action you like. Quote Link to comment Share on other sites More sharing options...
sherm Posted February 14, 2008 Author Share Posted February 14, 2008 here's my code so far: <?php $username="*****"; $password="*****"; $database="l*****"; $db="*****"; $name = $_POST['name']; $status = $_POST['status']; $connection = mysql_connect($database,$username,$password); mysql_select_db($db, $connection) or die( "Unable to select database"); $searchtable = "SELECT * FROM resident_name WHERE name='$name'"; $query = "INSERT INTO resident_name (name, status) VALUES ('".$name."', '".$status."')"; if($cmd=="update") { mysql_query("UPDATE resident_name SET status='complete' WHERE name='$name'", $connection); } $result = mysql_query($searchtable) or die(mysql_error()); mysql_query($query) or die( "You have already taken the survey"); mysql_close(); ?> So should I do the comparison via the $result variable I am pulling from the mysql_query? I'm not sure where I need to compare Quote Link to comment Share on other sites More sharing options...
NL_Rosko Posted February 14, 2008 Share Posted February 14, 2008 here's my code so far: <?php $username="*****"; $password="*****"; $database="l*****"; $db="*****"; $name = $_POST['name']; $status = $_POST['status']; $connection = mysql_connect($database,$username,$password); mysql_select_db($db, $connection) or die( "Unable to select database"); $searchtable = "SELECT * FROM resident_name WHERE name='$name'"; $query = "INSERT INTO resident_name (name, status) VALUES ('".$name."', '".$status."')"; if($cmd=="update") { mysql_query("UPDATE resident_name SET status='complete' WHERE name='$name'", $connection); } $result = mysql_query($searchtable) or die(mysql_error()); mysql_query($query) or die( "You have already taken the survey"); mysql_close(); ?> So should I do the comparison via the $result variable I am pulling from the mysql_query? I'm not sure where I need to compare first pull out the status of the select while row etc. $status = $row[status]; if ($status == "complete" || $status != "") continue else ... like so.. Quote Link to comment Share on other sites More sharing options...
sherm Posted February 14, 2008 Author Share Posted February 14, 2008 I changed my code to this: <?php $username="*******"; $password="**********"; $database="*********"; $db="********_sl"; $name = $_POST['name']; $status = $_POST['status']; $connection = mysql_connect($database,$username,$password); mysql_select_db($db, $connection) or die( "Unable to select database"); $searchtable = "SELECT * FROM resident_name WHERE name='$name'"; $query = "INSERT INTO resident_name (name, status) VALUES ('".$name."', '".$status."')"; if($cmd=="update") { mysql_query("UPDATE resident_name SET status='complete' WHERE name='$name'", $connection); } $result = mysql_query($searchtable) or die(mysql_error()); mysql_query($query) or die( "You have already taken the survey"); while($row=mysql_fetch_array($result)) { $status = $row["status"]; if ($status == "complete" || $status != "") { echo "survey complete"; } } mysql_close(); ?> More specifically, I added this: while($row=mysql_fetch_array($result)) { $status = $row["status"]; if ($status == "complete" || $status != "") { echo "survey complete"; } } But the code is returning the die message of "You have already taken the survey" instead of the "survey complete" echo. The "you have already taken this survey" is echoed simply because their username already exists in the database. I only want the error to show up if they exist AND they have completed the survey. Quote Link to comment Share on other sites More sharing options...
NL_Rosko Posted February 14, 2008 Share Posted February 14, 2008 i think i would rewrite it like so: in a nutshell <?php $connection = mysql_connect($database,$username,$password); mysql_select_db($db, $connection) or die( "Unable to select database"); //first check if user exists $searchtable = "SELECT user, status FROM resident_name WHERE name='$name'"; $result = mysql_query($searchtable); if ($result) { //user exists and has probably status while row etc... $user = $row[] $status = $row[] if $status == "complete { exit } else { update } else { insert } mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
sherm Posted February 25, 2008 Author Share Posted February 25, 2008 ok sorry i took so long to respond... i updated my code to the following: <?php $username="*****"; $password="********"; $database="**********"; $db="*****"; $name = $_POST['name']; $status = $_POST['status']; $connection = mysql_connect($database,$username,$password); mysql_select_db($db, $connection) or die( "Unable to select database"); //first check if user exists $searchtable = "SELECT name, status FROM resident_name WHERE name='$name'"; $result = mysql_query($searchtable); if ($result) { //user exists and has probably status while($row=mysql_fetch_array($result)) { $name = $row[] $status = $row[] if $status == "complete" { die( "Exit error") } else { mysql_query("UPDATE resident_name SET status='complete' WHERE name='$name'", $connection); } } } else { mysql_query("INSERT INTO resident_name (name, status) VALUES ('".$name."', '".$status."')", $connection); } mysql_close(); ?> it doesn't seem to work as you suggested. the user's name is no longer put into the database if it is not already there. i'm guessing the "if ($result) { }" part is not returning their name... any reasons why or how this should be fixed? Quote Link to comment Share on other sites More sharing options...
sherm Posted February 25, 2008 Author Share Posted February 25, 2008 I'm pretty sure my error is in the if($result) {} portion or the while {} portion can someone please take a look at the code any see what may be wrong? i'm terrible with syntax Quote Link to comment Share on other sites More sharing options...
revraz Posted February 25, 2008 Share Posted February 25, 2008 Check for num rows returned instead if you think that's your issue. Quote Link to comment Share on other sites More sharing options...
sherm Posted February 26, 2008 Author Share Posted February 26, 2008 so instead of if if ($result) { i'd use if ($num_rows) { ??? Quote Link to comment Share on other sites More sharing options...
ps_sach Posted February 26, 2008 Share Posted February 26, 2008 hi this is sachin patil i m new to php coding... i m doing forum in php.. i want to protect the password in the database from sql injection... any one can answer me.... Quote Link to comment Share on other sites More sharing options...
sherm Posted February 27, 2008 Author Share Posted February 27, 2008 get your own thread... i still need help Quote Link to comment Share on other sites More sharing options...
peranha Posted February 27, 2008 Share Posted February 27, 2008 so instead of if if ($result) { i'd use if ($num_rows) { ??? yes, that is what you would use by the looks of it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.