-1

I'm trying to check if a string is already present in my database.

UPDATED:

if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// Start SQL check
$steamid = $_POST["steamid"];


$sql = "SELECT steamid FROM blacklist WHERE steamid = $steamid";


if ($result=mysqli_query($con,$sql))
{
// Return the number of rows in result set
$rowcount=mysqli_num_rows($result);
}

if($rowcount >=1)   
{


    echo "not added as we already have steam id in databse";


}
else
{

echo "code to add it here";
    //SteamID not in database
     //Add it to databse
     $sql = "INSERT INTO blacklist (steamid, permBanned)
            VALUES ('$steamid', false)";

    mysqli_query($con,$sql);
      echo "Added to blacklist";

}       


mysqli_close($con);

The insert does work but the select and checking to see if it exists doesn't. I don't know why?

Thanks for any help.

(Table structure: blacklistID : autonumber, steamid : string, permBanned : bool)

So I updated it to try and use MySQLi but I don't seem to be getting anywhere with this.. Can anyone now help? I really appreciate it.

user3385923
  • 9
  • 3
  • 1
    Why do you have curly braces around `$steamid`? – thatidiotguy Nov 24 '14 at 18:19
  • 3
    Because, you're mixing MySQL APIs. – Funk Forty Niner Nov 24 '14 at 18:20
  • Ah I see. Yes, you are using a ordinary `mysql` PHP function, but you made a `mysqli` connection at the top. You should only use `mysqli` or `pdo` as ordinary `mysql` functions have been deprecated in PHP as stated in the docs for `mysql_query`. – thatidiotguy Nov 24 '14 at 18:21
  • @thatidiotguy curly braces are harmless here – outlyer Nov 24 '14 at 18:23
  • @outlyer How so? Could you link to the PHP documentation that states that? I would think the curly braces are put into the final SQL statement. – thatidiotguy Nov 24 '14 at 18:25
  • 1
    @thatidiotguy [See section "Complex (curly) syntax"](http://php.net/manual/en/language.types.string.php) in the PHP manual for strings – outlyer Nov 24 '14 at 18:28
  • @outlyer Thank you for the link. Leave it to PHP to have features I have never heard of before despite years of working with the language. – thatidiotguy Nov 24 '14 at 18:30
  • if you were using [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement), *and you should be*, the curly braces would be irrelevant. – Jay Blanchard Nov 24 '14 at 18:30
  • @ OP: You also need to pass DB connection to your query. Who's brave enough to put in an answer? How about you @JayBlanchard ? ;) hehe should be an easy one. – Funk Forty Niner Nov 24 '14 at 18:31
  • What? With normalizing the functions, making it into a prepared statement and all of that @Fred-ii- I'm not typing fast enough today. :) – Jay Blanchard Nov 24 '14 at 18:35
  • 1
    @JayBlanchard I'll pass on it too. I stand at being downvoted because of not drawing up new code as a prepared statement (it's that time of day I guess); *non merci!* ;) – Funk Forty Niner Nov 24 '14 at 18:37
  • @user3385923 please change your code to reflect on MySQL API (preferably `mysqli_`) and then let us know you've made changes and what didn't work after those changes. – Jay Blanchard Nov 24 '14 at 18:53
  • @JayBlanchard I updated the code I think correctly. Could you take a look at it? – user3385923 Nov 24 '14 at 19:38
  • You're not getting any errors at all? – Jay Blanchard Nov 24 '14 at 19:43
  • Ah.. Undefined variable: rowcount - didn't see that a moment ago, my bad. How would I fix this? – user3385923 Nov 24 '14 at 19:46

1 Answers1

-2

Try 

$sql = mysql_query("SELECT steamid FROM blacklist WHERE steamid =". $steamid);

if(mysql_num_rows($sql)>0)
{


echo "not added as we already have that ID in the database";

}
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Jyrone Parker
  • 37
  • 7
  • 1
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). – Jay Blanchard Nov 24 '14 at 18:21
  • 2
    OP is clearly mixing APIs and you also need to use the same API for the query as is the connection. Those two do not mix together. – Funk Forty Niner Nov 24 '14 at 18:47