-1

When I type a code into my form, I want my PHP code to check on submit that the code exists in the database and then run a MySQLi query. I have tried to do that, but I get the error `Cannot use isset() on the result of an expression (you can use "null !== expression" instead)`. I have Googled the problem, but not a single result helped me to solve or understand my problem.

FORM

<p><b>Skriv in din laddkod nedan och tryck på "Ladda"</b></p>
<form action="laddaklar.php" method="post">
<input type="text" name="laddkod"/>
<input type="submit" name="submit" value="Ladda" />
</form>

PHP

<?php

session_start();

$mysqli = new mysqli('localhost', 'root', '', 'ph');

$laddkod = isset($_POST['laddkod']) ? $_POST['laddkod'] : '';

$kod = "SELECT refill from card_refill";
$result = $mysqli->query($kod);

// The next line is the one that raises the isset() error described above.
if(isset($_POST['submit'] && $laddkod==$result)){

    $resultSet = $mysqli->query ("UPDATE card_credit SET value= value + (select credit from card_refill WHERE refill='" . $_POST['laddkod'] . "') WHERE card_id = '" . $_SESSION['card'] . "' ");

    echo "<b>Ditt kort har laddats!</b>"; // "Your card has been topped up!"
}
else
{
    echo "Fel laddkod"; // "Wrong refill code"
}
Jay Blanchard
Fredrik
  • Shouldn't it be `if(isset($_POST['submit']) && $laddkod==$result){` ? isset not closed correctly!! – Thamilhan Jan 13 '16 at 18:45
  • can you tell us what it is you want to do here exactly? even with the syntax error, your code makes no sense. – Funk Forty Niner Jan 13 '16 at 18:45
  • The reason why the mysql library was deprecated in PHP was because of the easy mysql injection, when I see this code I see now that mysqli has made no difference and this is going to start all over again. I would recommend using PDO instead. – Xorifelse Jan 13 '16 at 18:50
  • @Xorifelse the use of PDO alone does not safeguard against a possible SQL injection; a prepared statement does and mysqli_ does have that option to use it also. ;-) – Funk Forty Niner Jan 13 '16 at 18:51
  • @Fred-ii- I know it does, but PDO forces someone to code object-oriented, which hopefully makes somebody more aware of these things. – Xorifelse Jan 13 '16 at 18:54
  • @Xorifelse depending on their PHP version, they may not have access to PDO through the MySQL library, but through PostgreSQL. But yeah, PDO's nice to work with. – Funk Forty Niner Jan 13 '16 at 18:55
  • So, I take it we're talking amongst ourselves here. Had [this comment](http://stackoverflow.com/questions/34774626/check-submit-form-input-with-mysqli-database#comment57294304_34774626) been answered, maybe this would have expedited things here. Do feel free to join in here at anytime, *don't be shy*. ;-) – Funk Forty Niner Jan 13 '16 at 19:00
  • @Fred-ii- I have tried as JayBlanchard suggested. But without any progress. I've double-checked that the query is correct and it is. What I want to do is type a code in the form and then check if it exists in the database and if it does exist load that account with money. – Fredrik Jan 13 '16 at 19:22
  • had I known that in the first place, I'd have answered this within 30 seconds of your initial post. But my comment was never replied to, so I have moved on. – Funk Forty Niner Jan 13 '16 at 19:25
  • I'm sorry @Fred-ii- I'm trying to find answers, understand and learn. I'm sorry :( – Fredrik Jan 13 '16 at 19:26
  • what you need to do here is to check if a row exists bearing the values you're looking to match against. Consult my answer here http://stackoverflow.com/a/22253579/ it shows you how to do this and you can base yourself on that model to get you started, *good luck*. – Funk Forty Niner Jan 13 '16 at 19:46

1 Answer

3

The error that you're getting:

Cannot use isset() on the result of an expression

Is caused by what looks like an attempt to use an expression here:

if(isset($_POST['submit'] && $laddkod==$result)){...

You have to close the isset() properly and remove the spurious extra ):

if( isset($_POST['submit']) && $laddkod==$row['refill'] ){...
-----------------------add^  --------------------remove^

Furthermore you're not fetching any row results for the first query:

$kod= "SELECT refill from card_refill"; 
$result = $mysqli->query($kod);
$row = $result->fetch_assoc(); // The value will be in the $row array

Then you appear to never execute the UPDATE query.


Additionally it is not clear where you're setting $_SESSION['card'], but you will want to make sure it is set before attempting the UPDATE query.

Jay Blanchard
  • Nicely spotted, I looked over it :) – Xorifelse Jan 13 '16 at 18:55
  • @JayBlanchard Thanks a lot, that did it and it doesn't show the error now. But it doesn't check if $laddkod=$kod. It just gives me the output that the right code is wrong. What could be the problem? – Fredrik Jan 13 '16 at 18:57
  • `$result` in your line of code is either false (failed query) or a `resultset` which would never compare with a `string`. You'd first have to fetch a row from the `resultset` in order to get the data you want. – Xorifelse Jan 13 '16 at 19:00
  • You have to fetch the value from `$result` using something like [`fetch_assoc()`](http://php.net/manual/en/mysqli-result.fetch-assoc.php) – Jay Blanchard Jan 13 '16 at 19:00
  • @JayBlanchard I have now tried as you suggested but without any progress. I've double-checked that the query is correct and it is. – Fredrik Jan 13 '16 at 19:19
  • What is in the `$row` array @Fredrik? – Jay Blanchard Jan 13 '16 at 19:23
  • As I understand it, the `$row` should have the existing `refill` code in the database? – Fredrik Jan 13 '16 at 19:29
  • It should, but you should spit it out to make sure. `print_r($row);` – Jay Blanchard Jan 13 '16 at 19:29
  • It prints out `Array ( [refill] => refill500 ) 1`, whatever I type. `refill500` does exist. In `card_refill` I have 2 refill codes, `refill500` and also `refill100` @JayBlanchard – Fredrik Jan 13 '16 at 19:36
  • So you will need to compare like this `$laddkod==$row['refill']` @Fredrik. See my edited answer above. – Jay Blanchard Jan 13 '16 at 20:37
  • You are awesome. Your answer worked :D Thanks a lot :D – Fredrik Jan 13 '16 at 20:44
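Added example, not part of the original posts: the check-then-update flow the question describes, written with the mysqli prepared statements mentioned in the comments, so the submitted code is looked up by value instead of being compared with the first row of the table. Table, column and connection values are taken from the question; the helper name `redeem_refill()` and the numeric type of `credit` are assumptions.

```php
<?php
// Added example. Table, column and connection values come from the question;
// redeem_refill() is a hypothetical helper, and `credit` is assumed numeric.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

function redeem_refill(mysqli $db, string $code, string $cardId): bool
{
    // 1. Does the submitted code exist? The value is bound, not concatenated.
    $stmt = $db->prepare('SELECT credit FROM card_refill WHERE refill = ?');
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $stmt->bind_result($credit);
    $found = ($stmt->fetch() === true); // null means no row matched
    $stmt->close();
    if (!$found) {
        return false;
    }

    // 2. Add that code's credit to the card held in the session.
    $stmt = $db->prepare('UPDATE card_credit SET value = value + ? WHERE card_id = ?');
    $stmt->bind_param('ds', $credit, $cardId);
    $stmt->execute();
    $updated = ($stmt->affected_rows > 0);
    $stmt->close();
    return $updated;
}

if (isset($_POST['submit'])) {
    // Accept only a plain string; laddkod[]=x would arrive as an array.
    $laddkod = (isset($_POST['laddkod']) && is_string($_POST['laddkod']))
        ? trim($_POST['laddkod']) : '';

    // The answer's point about $_SESSION['card']: it must be set before the UPDATE.
    if ($laddkod === '' || !isset($_SESSION['card'])) {
        echo 'Fel laddkod';
        exit;
    }

    $mysqli = new mysqli('localhost', 'root', '', 'ph');
    $ok = redeem_refill($mysqli, $laddkod, (string) $_SESSION['card']);
    echo $ok ? '<b>Ditt kort har laddats!</b>' : 'Fel laddkod';
}
```

The `WHERE refill = ?` lookup matches whichever code was typed (`refill100` or `refill500` in the thread), and neither `$_POST['laddkod']` nor `$_SESSION['card']` ever becomes part of the SQL text.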