0

I am trying to enter new information into a database everytime a user clicks a submit button in my form. It works perfectly but it only works one time. So it will enter one row into the database and after that if the user fill out the form again and clicks submit no information will be entered into the database until i delete the previous row so it works if the database is empty. Here is my code to enter it into the database if you need more info to help let me know i will rate u up and everything thanks in advance

if($_POST['submit']){
    $query = mysql_query("SELECT * FROM chanels WHERE cname = '$cname'");
    $numrows = mysql_num_rows($query);
    if($numrows == 1) {
         echo "You Channel has already been added. Go back your <a
               href='./memberpage.php'>Station Page.</a>";
    }else{
          if($_POST['description']){
               $description = $_POST['description'];
               if(strlen($description) < 250 ){
                   $code = $_GET['code'];
                   $category = $_POST['category'];
                   mysql_query("INSERT INTO chanels VALUES 
                              ('','$code','$cname','$category','$description',''
                              )");
                   echo "You Channel has been added. Go back your <a 
                                 href='./memberpage.php'>Station Page.</a>";

               }else
                   echo "Your description must be less than 250 characters!";
         }else
             echo "You must enter a description!";  
    }
}
Yan Berk
  • 14,328
  • 9
  • 55
  • 52
Waggoner_Keith
  • 590
  • 2
  • 9
  • 37
  • In the database, are there any "unique" fields? – jeremy Aug 06 '12 at 19:49
  • what is $cname? Where does it come from? BTW you are not really asking a question.... – arnoudhgz Aug 06 '12 at 19:51
  • You should stop using `mysql_*` functions. They're being deprecated. Instead use [PDO](http://php.net/manual/en/book.pdo.php) (supported as of PHP 5.1) or [mysqli](http://php.net/manual/en/book.mysqli.php) (supported as of PHP 4.1). If you're not sure which one to use, [read this SO article](http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons). – Matt Aug 06 '12 at 19:52
  • Why aren't you capturing and checking the return values of mysql_*? Most likely one of these calls is failing (I suspect a PK Conflict, or Unique constraint violation). Then you can call mysql_error to understand the full reasons. But right now you're just telling mysql to do things, and not even bothering to check if it refuses or not – carpii Aug 06 '12 at 19:58
  • Unrelated, but also you aren't sanitising your $_POST['description'], so the query is vulnerable to sql injection. – carpii Aug 06 '12 at 20:01
  • I know im only in testing phase ill work on security when im ready to launch haha but thanks for the heads up – Waggoner_Keith Aug 06 '12 at 20:02
  • Try.... if (mysql_query("INSERT INTO chanels VALUES ('','$code','$cname','$category','$description','')")) { echo "You Channel has been added. Go back your Station Page."; } else { echo mysql_error(); } – carpii Aug 06 '12 at 20:09

2 Answers2

1

You have a conditional specifying, if a record exist for the cname, don't do anything. I think that might have something to do with your insert only executing once. I don't know what the cname is, and if the cname differs after each submit, but if it doesn't you will never be able to get into the else conditional.

$query = mysql_query("SELECT * FROM chanels WHERE cname = '$cname'");
$numrows = mysql_num_rows($query);
if($numrows == 1){
     echo "You Channel has already been added. Go back your <a href='./memberpage.php'>Station Page.</a>";
}
Jose Vega
  • 10,128
  • 7
  • 40
  • 57
  • cname is the name of something someone enters into a textfield but that isn't the reason all that is doing is checking to see if some has already entered that name into the database to prevent duplicates. I tried that and it still doesn't work. Thanks – Waggoner_Keith Aug 06 '12 at 19:58
  • this is not a great solution. He should be checking that mysql_query() returned a valid resource handle (ie not false), before trying to pass the $query resource id in mysql_num_rows() – carpii Aug 06 '12 at 20:11
  • Can you give us an example of two submitted forms and their values; Before the if($_POST['submit']){ do a var_dump($_POST); – Jose Vega Aug 06 '12 at 20:12
  • @carpii the code in my answer is taken from the question, and it's merely used to point out the areas I am referring to in my answer. – Jose Vega Aug 06 '12 at 20:14
  • it does return a resource id i have checked that – Waggoner_Keith Aug 06 '12 at 21:02
1

Your if else statement has limited the functionality.

You can add one row because of the line 

if($numrows == 1){

after you add one row, the if statement condition is met, $numrows =1. At this point the else statement where you actually add rows to the database never runs!

GK1667
  • 1,362
  • 3
  • 14
  • 22
  • That statement is only checking to see if the database already contains that name to prevent duplicates even without that line of code it still doesn't work – Waggoner_Keith Aug 06 '12 at 19:59
  • Your code appears sound without studying it too deeply except for your initial if else clause. If it works once with it, and then never again it should definitely work without the initial if else clause. Remove it completely from your code and begin running it from the first else statement (remember to take out the else brackets) – GK1667 Aug 06 '12 at 20:03
  • I did try it with taking out the if($numrows == 1) clause it and still was a not working – Waggoner_Keith Aug 06 '12 at 20:05
  • For the time being I'll take your word that it's not working. When you've removed the if clause as I suggested, what is the error that you get back? – GK1667 Aug 06 '12 at 20:10
  • There is no error it goes all the way through and echo's out the statemtent just enters nothing into the database – Waggoner_Keith Aug 06 '12 at 21:01