if data is already in database

russellharrower · 08-04-2009, 03:57 PM

Hi I am trying to work out the following information
Lets say I have the word apple in my database and someone wants to place another apple in the db, I don't what them to be able to.

I don't want to have to use the unique key to do this, however I have already.

What I want to do is in the PHP if the word is in the database it ends the php code, and does not go on.

I was thinking something like this.

Code:

if ($row[name] =="apple'') {
END
}
else
{
continue 
};

tony · 08-04-2009, 11:39 PM

you can try the mysql_num_rows() function like this:

php Code:

$result = mysql_query('SELECT recordID FROM fruits WHERE name="apple"');
if(mysql_num_rows($result) > 0 {
    //error, apple already exists
}else{
    //congrats! you added an apple to the basket.
}

I should encourage you (me too) to use mysqli objects for security reasons, but I need to learn it myself too.

russellharrower · 08-05-2009, 12:32 AM

Quote:

Originally Posted by tony

you can try the mysql_num_rows() function like this:

php Code:

$result = mysql_query('SELECT recordID FROM fruits WHERE name="apple"');
if(mysql_num_rows($result) > 0 {
    //error, apple already exists
}else{
    //congrats! you added an apple to the basket.
}

I should encourage you (me too) to use mysqli objects for security reasons, but I need to learn it myself too.

Yes you are correct it is a lot better to use mysqli however some servers don't seem to turn them on, due to and if you ask me this is silly...

CPU useage apparently it takes up to much? That was the excuse my server hosting company said. After tell them I leave to go somewhere else they turned it on for my account.

ETbyrne · 08-05-2009, 12:40 AM

Baloney, go find yourself a better web host. Any host that doesn't support MySQLi because it is too server intensive must have really bad servers (think old dell sitting in closet)!

russellharrower · 08-05-2009, 06:24 AM

Hi I am getting this error

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/example/public_html/apple.php on line 14

line 14 is where the code you gave me is.

Thanks

sketchMedia · 08-05-2009, 08:49 AM

It seems like either your query failed, or you are not passing it the correct variable (can't accurately tell because I have no code to examine i.e. sql)

russellharrower · 08-05-2009, 09:18 AM

This is my code

PHP Code:


			
$filename = $_POST['imageq'];



if (!$bonushsystemconnect)

  {

  die('Could not connect: ' . mysql_error());

  }



mysql_select_db("bonush_sy6", $bonushsystemconnect);





$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');



if(mysql_num_rows($imageresult) > 0) {

print "Already In DB";

end;

}else{

 //congrats! you added an apple to the basket.

                                

$ran = md5(uniqid(mt_rand(), true));



$size = getimagesize($filename);

 

switch ($size['mime']) {

    case "image/gif":

        $type= ".gif";

        break;

    case "image/jpeg":

        $type= ".jpg";

        break;

    case "image/png":

        $type= ".png";

        break;

    case "image/bmp":

        $type= ".bmp";

        break;

} 





$test = $ran;

$test = $test.''.$type;



$fh = fopen("$test", 'w') or die("can't open file");



if($fh==false)

    die("unable to create file");





if(!@copy ($filename,$test))

{

    $errors= error_get_last();

    echo "COPY ERROR: ".$errors['type'];

    echo "<br />\n".$errors['message'];

} else {

    echo "File copied from remote!";







$sql="INSERT INTO isearch (site, imageurl, oururl, keywords) VALUES ('Peter', '$filename', '$test', 'lol')";



if (!mysql_query($sql, $bonushsystemconnect))

  {

  die('Error: ' . mysql_error());

  }

echo "1 record added";

 }

}

For some reason the if statement to stop it going on an adding the new row or copying the image, it seems to ether not be checking the DB or there is something wrong with placing if statements in side else statements?

tony · 08-05-2009, 01:14 PM

I think the error is here:

PHP Code:


			
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');

Single quotes strings don't parse the contents of a variable, everything is a string for them. try this:

php Code:

$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="' . $filename . '"');

or this

php Code:

$imageresult = mysql_query("SELECT id FROM isearch WHERE imageurl='$filename'");

I prefer the first one, easy to read in text editors plus it gains a bit of speed.

ioan1k · 08-05-2009, 01:54 PM

php Code:

$filename = $_POST['imageq'];
$filename = mysql_real_escape_string($filename);

if (!$bonushsystemconnect)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("bonush_sy6", $bonushsystemconnect);

// I can inject anything i want here
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="'.$filename.'"');

if(mysql_num_rows($imageresult) > 0) {
print "Already In DB";
end;
}else{
 //congrats! you added an apple to the basket.
                                
$ran = md5(uniqid(mt_rand(), true));

$size = getimagesize($filename);
 
switch ($size['mime']) {
    case "image/gif":
        $type= ".gif";
        break;
    case "image/jpeg":
        $type= ".jpg";
        break;
    case "image/png":
        $type= ".png";
        break;
    case "image/bmp":
        $type= ".bmp";
        break;
} 


$test = $ran;
$test = $test.''.$type;

$fh = fopen("$test", 'w') or die("can't open file");

if($fh==false)
    die("unable to create file");


if(!@copy ($filename,$test))
{
    $errors= error_get_last();
    echo "COPY ERROR: ".$errors['type'];
    echo "<br />\n".$errors['message'];
} else {
    echo "File copied from remote!";


// AND HERE
$sql='INSERT INTO isearch (site, imageurl, oururl, keywords) VALUES ("Peter", "'.$filename.'", ".$test.'", "lol")';

if (!mysql_query($sql, $bonushsystemconnect))
  {
  die('Error: ' . mysql_error())
  }
echo "1 record added";
 }
}

Updated your code to include mysql injection prevention and your SQL queries to run without causing errors.

If you ran the code as you posted the SQL fails because it does not properly parse the query. When you are performing SQL queries it is always easier to use single quotes for the string.

@See
;http://us.php.net/manual/en/language....syntax.single
For more information

AND

http://us2.php.net/manual/en/functio...ape-string.php

For information on SQL injection

sketchMedia · 08-05-2009, 01:54 PM

Quote:

Originally Posted by tony

I think the error is here:

PHP Code:


			
$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="$filename"');

Single quotes strings don't parse the contents of a variable, everything is a string for them. try this:

php Code:

$imageresult = mysql_query('SELECT id FROM isearch WHERE imageurl="' . $filename . '"');

or this

php Code:

$imageresult = mysql_query("SELECT id FROM isearch WHERE imageurl='$filename'");

I prefer the first one, easy to read in text editors plus it gains a bit of speed.

Or you could use TalkPHP's favorite function : sprintf (if a website can have favorites

)

PHP Code:


			

$imageresult = mysql_query(sprintf("SELECT `id` FROM `isearch` WHERE `imageurl` = '%s'", mysql_real_escape_string($filename)));