7

I'm gathering info from a user and then adding them to a table. 

$insert = "INSERT INTO jos_activeagents (RINGPHONE, AGENTUID, FNAME, LNAME) VALUES ('(618) 717-2054','".$result['AGTBRDIDMM']."','".$result['AGTFNAME']."','".$result['AGTLNAME']."')";

$set = mysqli_query($link,$insert);

AGENTUID is a unique key. If a user tries to submit with a duplicate unique key, I get an error (of course).

Now, how would I go about knowing if and when an error occurred and then putting a response back to the page? I know of mysqli_get_warnings(), but the PHP manual doesn't show any examples.

I have also tried looking for the AGENTUID in the table first: 

$check = "SELECT * FROM jos_activeagents WHERE AGENTUID = '".$agt."'";

$runcheck = mysqli_query($link,$check);

$rescheck = mysqli_fetch_assoc($runcheck);

if($rescheck != null){

    echo 'This Agent ID is already enrolled.'

}

But this seems sloppy. Is there a better way do this?

Plummer
  • 6,522
  • 13
  • 47
  • 75
  • 1
    do not use mysql_* because... oh wait, someone that don't use mysql_*! congratulations! :D – STT LCU Apr 26 '13 at 14:22
  • 3
    While not using mysql_*, the data is being put directly inside of the query. If this isn't just an example, still possibly vulnerable to SQL injections! – WouterH Apr 26 '13 at 14:23
  • @WouterH: Even with the use of mysqli_real_escape_string? http://php.net/manual/en/mysqli.real-escape-string.php – Plummer Apr 26 '13 at 14:26
  • mysqli_query does **NOT** return null. either you get a statement handle, or a boolean false if there was a failure. – Marc B Apr 26 '13 at 14:27
  • You shouldn't need to use the escaping functions directly if you're using [SQL placeholders](http://bobby-tables.com/php) and `bind_param`. Do not use string concatenation to compose queries. You will get yourself into trouble eventually. – tadman Apr 26 '13 at 14:29
  • @MarcB: ok, so proper syntax is `if($whatever != false)`? – Plummer Apr 26 '13 at 14:29
  • `if (!$result) { die(mysqli_error());`. a select which returns no rows is **NOT** a failure. it's still a valid result set that happens to be an empty set. you need to explicitly check how many rows were (not?) retrieved, or try and fetch a row from the result set. fetching from an empty result set also returns false. never null. – Marc B Apr 26 '13 at 14:31

1 Answers1

8

You can use mysqli_error() to see if an error occurred

if (mysqli_error($runcheck ))
{
   // an error eoccurred
}

In your particular example you're better of checking if the row exists before doing the insert. Your example is close but would better using mysqli_num_rows():

$check = "SELECT * FROM jos_activeagents WHERE AGENTUID = '".$agt."'";
$runcheck = mysqli_query($link,$check);
if (mysqli_num_rows($runcheck) > 0)
{
    // username in use
}
John Conde
  • 217,595
  • 99
  • 455
  • 496
  • This approach uses a single query and returns a string indicating the status of the insert: http://stackoverflow.com/questions/13985950/mysql-if-exists-error – Mark Oct 24 '15 at 03:10
  • don't know why you hadn't got an up vote for a right answer. +1 my fellow chum – Kellen Stuart Sep 12 '16 at 15:06