checking for values in MySQL and other conditions not working???

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Paris_Sucks
    #1

    checking for values in MySQL and other conditions not working???

    I'm trying to redirect when testing for certain condidtions as shown
    below. When the conditions are ture, it redirects, but still goes ahead and
    processes the sql query. What am I doing wrong??? And then sometimes when
    the conditions are correct, it doens't redirect. It appears to be very
    inconsistent.

    Any suggestions would be greatly appreciated.

    //Check for repeat name
    $result = mysql_query("SE LECT * FROM survey WHERE FirstName =
    '".$FirstName." ' AND LastName = '".$LastName ."' ");
    $num_rows = mysql_num_rows( $result);
    if($num_rows > 0){header("loca tion: ./oops.htm");};

    //Check for repeat email
    $result = mysql_query("SE LECT * FROM survey WHERE EmailAddress =
    '".$EmailAddres s."' ");
    $num_rows = mysql_num_rows( $result);
    if($num_rows > 0){header("loca tion: ./oops.htm");};

    //Check for existance of first name, last name, and email
    if(!$FirstName) {header("locati on: ./oops.htm");};
    if(!$LastName){ header("locatio n: ./oops.htm");};
    if(!$EmailAddre ss){header("loc ation: ./oops.htm");};

    $newrecord = ("INSERT INTO survey (FirstName) values ($'Joe')");
    $result=mysql_q uery($newrecord );

    //Redirect to thankyou
    header("locatio n: ./thanks.htm");


    Tags: None
    • Andy Hassall
      #2
      Re: checking for values in MySQL and other conditions not working???

      On Fri, 08 Aug 2003 23:22:19 GMT, "Paris_Suck s" <paris_sucks@ho tmail.com>
      wrote:
      [color=blue]
      > I'm trying to redirect when testing for certain condidtions as shown
      >below. When the conditions are ture, it redirects, but still goes ahead and
      >processes the sql query. What am I doing wrong??? And then sometimes when
      >the conditions are correct, it doens't redirect. It appears to be very
      >inconsistent .
      >
      >Any suggestions would be greatly appreciated.[/color]

      Deep breath...
      [color=blue]
      > //Check for repeat name
      > $result = mysql_query("SE LECT * FROM survey WHERE FirstName =
      >'".$FirstName. "' AND LastName = '".$LastName ."' ");[/color]

      Problem 1: Any of the these queries could fail, but you're not checking for
      errors.

      Never ignore the return value of mysql_query; if there's an error, it returns
      false, and the reason for the error is available in mysql_error().

      For debugging use something like:

      $result = mysql_query($qu ery)
      or die ("Query failed:<br>$que ry<br>Error: " . mysql_error());

      This will show you the error, which query caused it, and prevent your script
      carrying on past a failed query and getting into even worse trouble with
      undefined variables and resource handles (as above).

      Problem 2 (possibly): Are those variables $FirstName and $LastName properly
      escaped? i.e. are all single quotes turned into \' ?
      [color=blue]
      > $num_rows = mysql_num_rows( $result);[/color]

      Problem 3: All you're looking for is whether there is a row. However you're
      fetching all the data from the database, then ignoring it.

      If you want to count how many rows match, use COUNT(*) in the SQL, and fetch
      the single row it will return, and get the number from there.
      [color=blue]
      > if($num_rows > 0){header("loca tion: ./oops.htm");};[/color]

      Problem 4: You send an invalid Location header here. Location headers have to
      be absolute URLs according to the HTTP specification.

      Problem 5: Just because you send a Location header does not mean the script
      stops here. You'll carry on to the next bit, and possibly send more Location
      headers. If you want to send the header then stop, use exit().
      [color=blue]
      > //Check for repeat email
      > $result = mysql_query("SE LECT * FROM survey WHERE EmailAddress =
      >'".$EmailAddre ss."' ");
      > $num_rows = mysql_num_rows( $result);
      > if($num_rows > 0){header("loca tion: ./oops.htm");};
      >
      > //Check for existance of first name, last name, and email
      > if(!$FirstName) {header("locati on: ./oops.htm");};
      > if(!$LastName){ header("locatio n: ./oops.htm");};
      > if(!$EmailAddre ss){header("loc ation: ./oops.htm");};
      >
      > $newrecord = ("INSERT INTO survey (FirstName) values ($'Joe')");[/color]

      Problem 6: Why the brackets around the string?
      Problem 7: ($'Joe') ? Did you just mean ('Joe')? Or ('$Joe')?
      [color=blue]
      > $result=mysql_q uery($newrecord );[/color]

      This will fail due Problem 7, and you'll carry on regardless due to Problem 1
      despite it not having worked.
      [color=blue]
      > //Redirect to thankyou
      > header("locatio n: ./thanks.htm");[/color]

      --
      Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
      Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

        Comment

        • Paris_Sucks
          #3
          Re: checking for values in MySQL and other conditions not working???

          Thanks much for you reply. IT was the exit(); commands that I needed to
          include.

          Thanks again,

          Jeff.

          "Andy Hassall" <andy@andyh.co. uk> wrote in message
          news:sol8jv0n0d mfbnhn79vfilp99 vgibtcqrn@4ax.c om...[color=blue]
          > On Fri, 08 Aug 2003 23:22:19 GMT, "Paris_Suck s" <paris_sucks@ho tmail.com>
          > wrote:
          >[color=green]
          > > I'm trying to redirect when testing for certain condidtions as shown
          > >below. When the conditions are ture, it redirects, but still goes ahead[/color][/color]
          and[color=blue][color=green]
          > >processes the sql query. What am I doing wrong??? And then sometimes[/color][/color]
          when[color=blue][color=green]
          > >the conditions are correct, it doens't redirect. It appears to be very
          > >inconsistent .
          > >
          > >Any suggestions would be greatly appreciated.[/color]
          >
          > Deep breath...
          >[color=green]
          > > //Check for repeat name
          > > $result = mysql_query("SE LECT * FROM survey WHERE FirstName =
          > >'".$FirstName. "' AND LastName = '".$LastName ."' ");[/color]
          >
          > Problem 1: Any of the these queries could fail, but you're not checking[/color]
          for[color=blue]
          > errors.
          >
          > Never ignore the return value of mysql_query; if there's an error, it[/color]
          returns[color=blue]
          > false, and the reason for the error is available in mysql_error().
          >
          > For debugging use something like:
          >
          > $result = mysql_query($qu ery)
          > or die ("Query failed:<br>$que ry<br>Error: " . mysql_error());
          >
          > This will show you the error, which query caused it, and prevent your[/color]
          script[color=blue]
          > carrying on past a failed query and getting into even worse trouble with
          > undefined variables and resource handles (as above).
          >
          > Problem 2 (possibly): Are those variables $FirstName and $LastName[/color]
          properly[color=blue]
          > escaped? i.e. are all single quotes turned into \' ?
          >[color=green]
          > > $num_rows = mysql_num_rows( $result);[/color]
          >
          > Problem 3: All you're looking for is whether there is a row. However[/color]
          you're[color=blue]
          > fetching all the data from the database, then ignoring it.
          >
          > If you want to count how many rows match, use COUNT(*) in the SQL, and[/color]
          fetch[color=blue]
          > the single row it will return, and get the number from there.
          >[color=green]
          > > if($num_rows > 0){header("loca tion: ./oops.htm");};[/color]
          >
          > Problem 4: You send an invalid Location header here. Location headers[/color]
          have to[color=blue]
          > be absolute URLs according to the HTTP specification.
          >
          > Problem 5: Just because you send a Location header does not mean the[/color]
          script[color=blue]
          > stops here. You'll carry on to the next bit, and possibly send more[/color]
          Location[color=blue]
          > headers. If you want to send the header then stop, use exit().
          >[color=green]
          > > //Check for repeat email
          > > $result = mysql_query("SE LECT * FROM survey WHERE EmailAddress =
          > >'".$EmailAddre ss."' ");
          > > $num_rows = mysql_num_rows( $result);
          > > if($num_rows > 0){header("loca tion: ./oops.htm");};
          > >
          > > //Check for existance of first name, last name, and email
          > > if(!$FirstName) {header("locati on: ./oops.htm");};
          > > if(!$LastName){ header("locatio n: ./oops.htm");};
          > > if(!$EmailAddre ss){header("loc ation: ./oops.htm");};
          > >
          > > $newrecord = ("INSERT INTO survey (FirstName) values ($'Joe')");[/color]
          >
          > Problem 6: Why the brackets around the string?
          > Problem 7: ($'Joe') ? Did you just mean ('Joe')? Or ('$Joe')?
          >[color=green]
          > > $result=mysql_q uery($newrecord );[/color]
          >
          > This will fail due Problem 7, and you'll carry on regardless due to[/color]
          Problem 1[color=blue]
          > despite it not having worked.
          >[color=green]
          > > //Redirect to thankyou
          > > header("locatio n: ./thanks.htm");[/color]
          >
          > --
          > Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
          > Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)[/color]


            Comment

            Previous template Next
            Working...