checking if record with some field exists

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am new to PHP so I have done a research on how to check if an entry
exists on the table. I came up with the following code:

@mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM Contacts WHERE Code=$Code");
if($row = mysql_fetch_array($result)) echo "exists";
{$query = "INSERT INTO Contacts VALUES ('','$Name','$Code')";
echo "ok";}

This works if the code is integer (1264), however if the code is
string (a4fg5h4) it shows - "Warning: mysql_fetch_array(): supplied
argument is not a valid MySQL result resource in D:\xampp\htdocs\reg
\insert.php on line 10

I can't found out what is the problem here as all the examples on the
web shows similar codes to do checking.

Re: checking if record with some field exists

Quoted text here. Click to load it

In SQL, strings need to be quoted. That example puts $Code right into
the query without putting the code in quotes (use single-quotes).
Change the end of the query to:
WHERE Code='$Code'

I hope you realize that code is not production-quality. It is insecure/
breakable, $Code and $Name need to be escaped. You should replace the
second and third lines with something like:

$Name = isset( $_POST['Name'] )
  ? mysql_real_escape_string( $_POST['Name'] )
  : '';
$Code = isset( $_POST['Code'] )
  ? mysql_real_escape_string( $_POST['Name'] )
  : '';

-Mike PII

Re: checking if record with some field exists

Yes, funny thing that I understood that just after posting this
question on the group. No, I am not aware that this code has flaws, I
have quite experience in Delphi, however I am new in PHP. I am writing
a code for key generator that will post name and code from desktop
application (using HTTP) to php to be written to database and return
the status back to the application (if it exists or not).

Mike P2 raš :
Quoted text here. Click to load it

Site Timeline