-4

I've searched thoroughly and nothing seems to be working; I have this code here which posts into my database but the problem is I am trying to run a conditional which checks if a row exists using the mysqli_num_rows function, but it is not actually working. I have tried many different versions and other functions as well such as mysqli_fetch_row, but nothing seems to work. Here is my code:

```php
if (!empty($_POST)) {
    $db_conx="";

    $name = $_POST['name'];
    $module = $_POST['module'];
    $secret = $_POST['secret'];
    $uid1 = $dmt->user['uid'];
    $queryA = "INSERT INTO table_a (uid1,name,module,secret) VALUES ('$uid1','$name','$module','$secret')";
    $resultA = mysqli_query($db_conx,$queryA);
    $queryB = "SELECT 1 FROM table_a WHERE name='$name' LIMIT 1";
    $resultB = mysqli_query($db_conx,$queryB);
    $resultC = mysqli_query($db_conx,$queryB);
    $query = mysqli_query($db_conx,"SELECT * FROM table_a WHERE name='$name'");
    if (empty($name)||empty($module)||empty($secret)) {
        echo "Oops! Can't leave any field blank <br />";
        exit();
    } elseif(mysqli_num_rows($query) > 0){
        echo "name already exists.";
        exit();
    } elseif ($db_conx->query($queryA) === TRUE) {
        echo "New record created successfully.";
        exit();
    } else {
        echo "Error: " . $queryA . "<br>" . $db_conx->error;
        exit();
    }
}
```

As you can see the query appears to run but indeed does not do what it's told.

RiggsFolly
Phil
  • *How* does it not work? Do you get an error? What do you get? – John Conde May 22 '16 at 12:17
  • You're never checking the result of `$query` or any of the other query results so how are you sure that it's executing correctly? You're injecting SQL for one, so that could easily be the reason. (it also means that your code is incredibly insecure) – h2ooooooo May 22 '16 at 12:18
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code**. [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly May 22 '16 at 12:24
  • Why are you running `$queryB` twice??? And then running the same query again into `$query`. This code is basically nonsense! – RiggsFolly May 22 '16 at 12:27
  • _I've searched thoroughly_ I don't think so. A thorough search would have identified all the nonsense – RiggsFolly May 22 '16 at 12:29
  • **ALSO** Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, **and of course you are not**, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared statement and parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly May 22 '16 at 12:30

1 Answer

0

The first line of code inside your IF is destroying the variable you are using to hold the database connection

```php
if (!empty($_POST)) {
    $db_conx="";                // get rid of this line
```

So basically nothing using the mysqli API will work.

ALSO:

Add these as the first 2 lines of a script you are trying to debug

```php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
```

as you are obviously not reading your PHP error log

RiggsFolly
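The prepared-statement approach recommended in the comments, as an added example that is not part of the original question or answer: it validates the fields first, checks for the row with a bound parameter, and inserts once. `table_a`, its columns and `$dmt` come from the question; `create_record()` and the connection settings are hypothetical placeholders.

```php
<?php
// Added example: table_a and its columns come from the question; the
// connection settings and create_record() are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function create_record(mysqli $db, string $uid1, array $post): string
{
    // 1. Validate before touching the database.
    $fields = [];
    foreach (['name', 'module', 'secret'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return "Oops! Can't leave any field blank";
        }
        $fields[$key] = $value;
    }

    // 2. Existence check: the value is bound, never concatenated into the SQL.
    $check = $db->prepare('SELECT 1 FROM table_a WHERE name = ? LIMIT 1');
    $check->bind_param('s', $fields['name']);
    $check->execute();
    $check->store_result();          // buffer the result so num_rows is populated
    $exists = $check->num_rows > 0;
    $check->close();
    if ($exists) {
        return 'name already exists.';
    }

    // 3. Insert exactly once, again with bound parameters.
    $insert = $db->prepare(
        'INSERT INTO table_a (uid1, name, module, secret) VALUES (?, ?, ?, ?)'
    );
    $insert->bind_param('ssss', $uid1, $fields['name'], $fields['module'], $fields['secret']);
    $insert->execute();
    $insert->close();
    return 'New record created successfully.';
}

if (!empty($_POST)) {
    try {
        // Placeholder credentials; replace with your own connection settings.
        $db_conx = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        echo create_record($db_conx, (string) $dmt->user['uid'], $_POST);
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the log, not the browser
        echo 'Error: could not save the record.';
    }
}
```

Two concurrent requests can still both pass the existence check; a UNIQUE index on `name` (an assumption, since the page does not show the schema) would make the database enforce it.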