Validate Data before making entry into table

danielhalawi

Hi,

I'm looking to check a table to see if an entry is in before it adds and entry.

I need to check a field in a table based on what the post data is.

So I need to check
$s_POST['fname']; is not already in the table.

Any help would be great.

Thank You

jignesh1

SELECT * FROM table_name WHERE column_name = $_POST['data']

if it retrive the data from the table then there data alread in it
and if it doesnt then insert it to the table
u if else statement and mysql_num_rows()

Piranha

A few notes on this. First you should only do this check if the column(s) used is unique together. Otherwise you might get results that is not really a duplicate. Second you should use SELECT COUNT(*) when you just want to see if something exists or only want to count something. Otherwise everything is returned from the database and then just discarded, it takes lots of time. Third you should be sure to use the right function to avoid database injection. For mysql it is [man]mysql_real_escape_string[/man]. The query should then look something like this:

$sql = "SELECT COUNT(*) FROM table WHERE column = " . mysql_real_escape_string($_POST['data']);

danielhalawi

Piranha wrote:
A few notes on this. First you should only do this check if the column(s) used is unique together. Otherwise you might get results that is not really a duplicate. Second you should use SELECT COUNT(*) when you just want to see if something exists or only want to count something. Otherwise everything is returned from the database and then just discarded, it takes lots of time. Third you should be sure to use the right function to avoid database injection. For mysql it is [man]mysql_real_escape_string[/man]. The query should then look something like this:
$sql = "SELECT COUNT(*) FROM table WHERE column = " . mysql_real_escape_string($_POST['data']);

Hi, this is my code:

$fname=$_POST['fname']; 
$laname=$_POST['lname']; 
$storenumber=$_POST['storenumber']; 
$type=$_POST['type']; 
$check = mysql_query("SELECT COUNT(*) FROM benugo_staff WHERE fname = " . mysql_real_escape_string($_POST['fname']) . " AND lname = " . mysql_real_escape_string($_POST['lname']));
$number = '0';
if ($check > $number) {
echo ("something is wrong");
}else{ 
mysql_query("INSERT INTO `staff` VALUES ('', '$fname', '', '$lname', '', '$storenumber', '$type', '', 'Active')") or die(mysql_error()); 
echo "<meta http-equiv=\"refresh\" content=\"5;URL=useradd.php?cid=".$cid."\" />
<span class=\"column_header\">Your information has been successfully added to the database</span><br />
  <span class=\"column_header2\">you will shortly be redirected to the course attendance form to add your team member to the course.</span><br />
</p>";}

There is no php error, and it posts to the database
The result from the query is 6, but it is still posting the entry into the database?

Piranha

$check is a result from MySQL and not a number in itself. You need to use mysql_fetch_row or some simular function to get to the value that is returned, then it will probably work as you expect it to.

But I am a bit curious. This code forbids people that have the same first and last name to be employed. Don't you think it should be possible to have 2 John Smith working in the company?

And don't forget to use mysql_real_escape_string in EVERY query. In the code you posted you have 4 variables that are not checked with this.

danielhalawi

$check = mysql_query("SELECT * FROM benugo_staff WHERE fname = " . mysql_real_escape_string($_POST['fname']) . " AND lname = " . mysql_real_escape_string($_POST['lname']));
$num_rows = mysql_num_rows($check);
$number = ("0");
if ($num_rows > $number) {
echo ("something is wrong");
}else{

am I doing something wrong its still not working?

Piranha

I think you should read debugging 101 to learn how to debug the code. One tip is that the parts of a comparison should be possible to compare with each other. A string and a int is not comparable.