TalkPHP


russellharrower 08-04-2009 03:57 PM

if data is already in database
 
Hi, I am trying to work out the following information.
Let's say I have the word apple in my database and someone wants to place another apple in the db; I don't want them to be able to.

I don't want to have to use the unique key to do this, however I have already.

What I want to do is in the PHP if the word is in the database it ends the php code, and does not go on.

I was thinking something like this.

Code:

if ($row['name'] == "apple") {
    exit; // END: stop the script here
}
else
{
    // continue with the rest of the script
}


tony 08-04-2009 11:39 PM

you can try the mysql_num_rows() function like this:
php Code:
$result = mysql_query('SELECT recordID FROM fruits WHERE name="apple"');
if(mysql_num_rows($result) > 0) {
    //error, apple already exists
}else{
    //congrats! you added an apple to the basket.
}

I should encourage you (me too) to use mysqli objects for security reasons, but I need to learn it myself too.

russellharrower 08-05-2009 12:32 AM

Quote:

Originally Posted by tony (Post 27551)
you can try the mysql_num_rows() function like this:
php Code:
$result = mysql_query('SELECT recordID FROM fruits WHERE name="apple"');
if(mysql_num_rows($result) > 0) {
    //error, apple already exists
}else{
    //congrats! you added an apple to the basket.
}

I should encourage you (me too) to use mysqli objects for security reasons, but I need to learn it myself too.

Yes, you are correct, it is a lot better to use mysqli; however, some servers don't seem to turn it on, due to (and if you ask me this is silly)...

CPU usage; apparently it takes up too much? That was the excuse my server hosting company gave. After telling them I would leave to go somewhere else, they turned it on for my account.

ETbyrne 08-05-2009 12:40 AM

Baloney, go find yourself a better web host. Any host that doesn't support MySQLi because it is too server intensive must have really bad servers (think old dell sitting in closet)!

russellharrower 08-05-2009 06:24 AM

Hi I am getting this error

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/example/public_html/apple.php on line 14

line 14 is where the code you gave me is.

Thanks

sketchMedia 08-05-2009 08:49 AM

It seems like either your query failed, or you are not passing it the correct variable (can't accurately tell because I have no code to examine i.e. sql)

russellharrower 08-05-2009 09:18 AM

This is my code

PHP Code:

$filename = $_POST['imageq'];

if (!$bonushsystemconnect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("bonush_sy6", $bonushsystemconnect);

$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');

if(mysql_num_rows($imageresult) > 0) {
print "Already In DB";
exit; // stop the script here
}else{
 //congrats! you added an apple to the basket.

$ran = md5(uniqid(mt_rand(), true));

$size = getimagesize($filename);

switch ($size['mime']) {
    case "image/gif":
        $type = ".gif";
        break;
    case "image/jpeg":
        $type = ".jpg";
        break;
    case "image/png":
        $type = ".png";
        break;
    case "image/bmp":
        $type = ".bmp";
        break;
}

$test = $ran;
$test = $test.''.$type;

$fh = fopen("$test", 'w') or die("can't open file");

if($fh==false)
    die("unable to create file");

if(!@copy ($filename,$test))
{
    $errors = error_get_last();
    echo "COPY ERROR: ".$errors['type'];
    echo "<br />\n".$errors['message'];
} else {
    echo "File copied from remote!";

$sql="INSERT INTO isearch (site, imageurl, oururl, keywords) VALUES ('Peter', '$filename', '$test', 'lol')";

if (!mysql_query($sql, $bonushsystemconnect))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
 }
}



For some reason the if statement to stop it going on and adding the new row or copying the image, it seems to either not be checking the DB or there is something wrong with placing if statements inside else statements?

tony 08-05-2009 01:14 PM

I think the error is here:
PHP Code:

$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');

Single-quoted strings don't parse the contents of a variable; everything is a string for them. Try this:

php Code:
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="' . $filename . '"');
or this
php Code:
$imageresult = mysql_query("SELECT id FROM isearch WHERE imageurl='$filename'");

I prefer the first one, easy to read in text editors plus it gains a bit of speed.

ioan1k 08-05-2009 01:54 PM

php Code:
$filename = $_POST['imageq'];
$filename = mysql_real_escape_string($filename);

if (!$bonushsystemconnect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("bonush_sy6", $bonushsystemconnect);

// I can inject anything i want here
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="'.$filename.'"');

if(mysql_num_rows($imageresult) > 0) {
print "Already In DB";
exit; // stop the script here
}else{
 //congrats! you added an apple to the basket.
                               
$ran = md5(uniqid(mt_rand(), true));

$size = getimagesize($filename);
 
switch ($size['mime']) {
    case "image/gif":
        $type= ".gif";
        break;
    case "image/jpeg":
        $type= ".jpg";
        break;
    case "image/png":
        $type= ".png";
        break;
    case "image/bmp":
        $type= ".bmp";
        break;
}


$test = $ran;
$test = $test.''.$type;

$fh = fopen("$test", 'w') or die("can't open file");

if($fh==false)
    die("unable to create file");


if(!@copy ($filename,$test))
{
    $errors= error_get_last();
    echo "COPY ERROR: ".$errors['type'];
    echo "<br />\n".$errors['message'];
} else {
    echo "File copied from remote!";


// AND HERE
$sql='INSERT INTO isearch (site, imageurl, oururl, keywords) VALUES ("Peter", "'.$filename.'", "'.$test.'", "lol")';

if (!mysql_query($sql, $bonushsystemconnect))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
 }
}

Updated your code to include mysql injection prevention and your SQL queries to run without causing errors.

If you ran the code as you posted the SQL fails because it does not properly parse the query. When you are performing SQL queries it is always easier to use single quotes for the string.

@See
http://us.php.net/manual/en/language....syntax.single
For more information

AND

http://us2.php.net/manual/en/functio...ape-string.php

For information on SQL injection

sketchMedia 08-05-2009 01:54 PM

Quote:

Originally Posted by tony (Post 27559)
I think the error is here:
PHP Code:

$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');

Single-quoted strings don't parse the contents of a variable; everything is a string for them. Try this:

php Code:
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="' . $filename . '"');
or this
php Code:
$imageresult = mysql_query("SELECT id FROM isearch WHERE imageurl='$filename'");

I prefer the first one, easy to read in text editors plus it gains a bit of speed.

Or you could use TalkPHP's favorite function : sprintf (if a website can have favorites :-/)
PHP Code:


$imageresult = mysql_query(sprintf("SELECT `id` FROM `isearch` WHERE `imageurl` = '%s'", mysql_real_escape_string($filename)));
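
Added example, not part of any post in this thread: the duplicate check and the injection fix discussed above, done with a prepared statement and the unique key the original poster says the table already has. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL server so it runs offline; the `addImage()` helper, the reduced `isearch` columns and the sample URLs are constructed for illustration.

```php
<?php
// Added example: sample data below is constructed, not taken from the thread.
// Assumption: in-memory SQLite via PDO stands in for the thread's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE isearch (
    id       INTEGER PRIMARY KEY,
    imageurl TEXT NOT NULL UNIQUE,
    oururl   TEXT NOT NULL
)');

/**
 * Insert one row; return false if imageurl is already stored.
 * The UNIQUE constraint makes "check and insert" one atomic step, so two
 * simultaneous requests cannot both pass a SELECT and then both INSERT.
 */
function addImage(PDO $db, string $imageUrl, string $ourUrl): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO isearch (imageurl, oururl) VALUES (?, ?)');
    try {
        $stmt->execute([$imageUrl, $ourUrl]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key).
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return false;
        }
        throw $e; // any other database error is a real failure
    }
}

// Constructed inputs: a duplicate, and a value containing quote characters.
$inputs = [
    'http://example.com/apple.png',
    'http://example.com/apple.png',
    'http://example.com/o\'brien".png',
];
foreach ($inputs as $url) {
    $name = md5(uniqid((string) mt_rand(), true)) . '.png';
    echo addImage($db, $url, $name) ? "added: $url\n" : "Already In DB: $url\n";
}

// The value with quotes is stored as plain data; the query text never changed.
$count = $db->query('SELECT COUNT(*) FROM isearch')->fetchColumn();
echo "rows: $count\n";
```

The same prepare/execute pattern works against MySQL through PDO, where a duplicate key is also reported with an SQLSTATE in class 23.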


