2

I'm trying to compare two input values with two values from a SAME ROW, from a MySQL table. But I always get an error message. What is wrong in this code? (It worked fine with just one input)

// Check connection
if (mysqli_connect_errno()) {
 echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
}


// escape variables for security

$numero_cedula = mysqli_real_escape_string($con, $_POST['numero_cedula']);
$codigo= mysqli_real_escape_string($con, $_POST['codigo']);


$sql1 = " SELECT Numero Cedula   FROM Teste   WHERE Numero Cedula=$numero_cedula
  AND Chave=$codigo";

$objGet = mysqli_query($con, $sql1);


if( mysqli_num_rows($objGet) > 0 ) {
echo "Duplicate";  
} else {
 echo "Not a duplicate";
}
JNevill
  • 46,980
  • 4
  • 38
  • 63
manuel mourato
  • 801
  • 1
  • 12
  • 36
  • @getlost , it's an error that has always meant that I have a syntax error in my code. More specifically: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. – manuel mourato Oct 18 '14 at 02:14
  • @manuelmourato Consult [**my answer**](http://stackoverflow.com/a/26435995/1415724) below. – Funk Forty Niner Oct 18 '14 at 04:03

2 Answers2

1

Although spaces in column names are allowed in SQL, the reason for this (in your case) is because the column name Numero Cedula contains a space:

                      v -- space                     v -- space
$sql1 = "SELECT Numero Cedula FROM Teste WHERE Numero Cedula=$numero_cedula
  AND Chave=$codigo";

Change it to the following while wrapping the column name in backticks:

$sql1 = "SELECT `Numero Cedula` FROM Teste WHERE `Numero Cedula`=$numero_cedula
  AND Chave=$codigo";

Plus, make sure that both $numero_cedula and $codigo are integers, and that your columns are also int types.

If they are not, then both will need to be wrapped in quotes.

I.e.: 

$sql1 = "SELECT `Numero Cedula` FROM Teste WHERE `Numero Cedula`='$numero_cedula'
  AND Chave='$codigo'";

Add or die(mysqli_error($con)) to mysqli_query() which will show you the error in SQL.

  • You can also rename the column in your database to Numero_Cedula using an underscore.

Sidenote:

You wrote: "It worked fine with just one input".

You will need to elaborate on that and whether your table contains two seperate columns such as Numero and Cedula or one Numero Cedula.

However, using this method is subject to SQL injection. Use prepared statements, or PDO with prepared statements.

An insight:

Also make sure that your form elements are named.

I.e.: name="numero_cedula" and name="codigo"

Add error reporting to the top of your file(s) which will help find errors.

error_reporting(E_ALL);
ini_set('display_errors', 1);

Sidenote: Error reporting should only be done in staging, and never for production.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
0

You have created a column name with space. So in SQL it will consider only Numero as a column name. What you can do is. Enclose your column name with a back quote ( ` ). Or remove space from column name.

Hope this helps you. :)

Sarjit Delivala
  • 567
  • 2
  • 13
  • 25