Checking database, before updating

Discussion in 'PHP' started by mpea, Jul 1, 2007.

0
  1. #1
    Anyone have any ideas why this is not works:

    Im trying to check the database to see if the url exist (in the db) before writting over it


    mysql_connect("correctip", "correctUsename", "Correctpass") or die(mysql_error());
mysql_select_db("correcttable") or die(mysql_error());

$URLdata = mysql_query("SELECT LT_URL FROM lt_Users")or die(mysql_error()); // the querry
	  
$DUP = FALSE;      
// need to check if $_POST['LT_URLBox'] already exist, if does, dont update  ($DUP = True)  

CheckURLExists(); 
if ($DUP == FALSE){
$result48= mysql_query("UPDATE lt_Users SET LT_URL='$lturlBox' WHERE lt_Name ='$nom' AND lt_Pss='$ps'");
}


FUNCTION CheckURLExists() {
while( $URLinfo = mysql_fetch_array( $URLdata ) ){
	if (strtolower($URLinfo['LT_URL']) == strtolower($lturlBox)){$DUP = TRUE;}
	}
	Return $DUP;
	}
    PHP:
    It seems to write over the url regardless of it already being present in the db
     
    mpea, Jul 1, 2007 IP
  2. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #2
    Try this.
    
mysql_connect("correctip", "correctUsename", "Correctpass") or die(mysql_error());
mysql_select_db("correcttable") or die(mysql_error());

$URLdata = mysql_query("
	SELECT LT_URL
	FROM lt_Users
	WHERE LT_URL = '". trim(mysql_real_escape_string($_POST['LT_URLBox'])) ."'
	LIMIT 1
")or die(mysql_error()); // the querry

if (!mysql_num_rows($URLdata))
{
	mysql_query("UPDATE lt_Users SET LT_URL='$lturlBox' WHERE lt_Name ='$nom' AND lt_Pss='$ps'");
}
    PHP:
    I'm using the URL directly in the WHERE clause. No need to loop through all results. Also, MySQL searches are by default case-insensitive. So don't worry about that.
     
    nico_swd, Jul 1, 2007 IP
  3. mpea

    mpea Guest

    Messages:
    272
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Hm, its open to js injection attack, (its from a user input), so really shouldnt be using direct user input in sql queries.

    !mysql_num_rows($URLdata) seems like an easier way of doing things though, Ill have a look, thx

    That was darn quick by the way!
     
    mpea, Jul 1, 2007 IP
  4. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #4
    nico_swd, Jul 1, 2007 IP
  5. AsHinE

    AsHinE Well-Known Member

    Messages:
    240
    Likes Received:
    8
    Best Answers:
    1
    Trophy Points:
    138
    #5
    Maybe in your case
    FUNCTION CheckURLExists() {
global $DUP;
while( $URLinfo = mysql_fetch_array( $URLdata ) ){
    if (strtolower($URLinfo['LT_URL']) == strtolower($lturlBox)){$DUP = TRUE;}
    }
    Return $DUP;
    }
    PHP:
    but I'd rather suggest using nico_swd method to check for url in DB.
     
    AsHinE, Jul 4, 2007 IP
  6. ansi

    ansi Well-Known Member

    Messages:
    1,483
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    100
    #6
    and what the heck is a javascript injection attack if you don't mind me asking :) i think you mean sql injection but yeah, could be wrong.
     
    ansi, Jul 4, 2007 IP
  7. fbnewtz

    fbnewtz Peon

    Messages:
    160
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #7
    You have a good point there Ansi. If you are entering the data into a text box, then obviously you could go the hard way and try to change the variable with javascript, but why?
     
    fbnewtz, Jul 4, 2007 IP