
My problem is with a SQL row count.

<input name='d_n[]'> 
<input name='d_n[]'>

php page

Posted value: Adam's

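// For every submitted director name: check whether it is already stored and
// insert it only when the lookup finds no row.
foreach ($ds_director as $key => $director) {
    // The value travels as a bound parameter, separate from the SQL text, so a
    // quote in a value such as "Adam's" cannot change the statement.
    $DnumSql = "SELECT * FROM list WHERE ds_name = ?";
    $stmt = $con->prepare($DnumSql);
    if ($stmt === false) {
        // Driver error text goes to the server log, not into the page.
        error_log('director lookup could not be prepared: ' . mysqli_error($con));
        echo "<p style='color:red;'>not save</p>";
        continue;
    }
    $stmt->bind_param('s', $director);
    $stmt->execute();
    // mysqli_stmt::num_rows only counts rows that have been buffered; without
    // store_result() it reports 0 even when the query matched, which is why the
    // duplicate check never fired.
    $stmt->store_result();
    $Dnum = $stmt->num_rows;
    $stmt->close();
    echo "$Dnum";

    if ($Dnum == 0) {
        // NOTE(review): the lookup reads list.ds_name while the insert writes
        // movie_ds and puts the director into ds_m_name - confirm that table and
        // column are the ones the duplicate check is meant to cover.
        $director_sql = ucwords($director);
        // Both dynamic values are bound; $m_name was previously interpolated
        // into the SQL string without any escaping.
        $Dsql = "INSERT INTO movie_ds (ds_m_name, ds_name, ds_status) VALUES (?, ?, 'yönetmen')";
        $insert = $con->prepare($Dsql);
        $Dquery = $insert !== false
            && $insert->bind_param('ss', $director_sql, $m_name)
            && $insert->execute();

        if ($Dquery) {
            echo "<p style='color:green'>good</p>";
        } else {
            // Log the detail server-side; echoing raw database errors exposes
            // schema and query details to whoever submitted the form.
            error_log('director insert failed: ' . ($insert !== false ? $insert->error : mysqli_error($con)));
            echo "<p style='color:red;'>not save</p>";
        }

        if ($insert !== false) {
            $insert->close();
        }
    } else {
        echo "<p style='color:red;'>not save</p>";
    }
}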

Because of this problem, the same value is saved more than once.

UPDATE: question edited; the input is an array.

vciloglu

1 Answer


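It is better to use a prepared statement for this. The value is bound as a parameter, so you do not need to escape the string yourself, and SQL injection is prevented. Note that `$stmt->num_rows` only reports the row count after `$stmt->store_result()` has been called.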

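// Count the rows matching the submitted value, using a placeholder so the
// value is sent separately from the SQL text.
$sql = 'SELECT * FROM list WHERE d_n =?';
$stmt = $con->prepare($sql);
// NOTE(review): with form fields named d_n[] PHP delivers $_POST['d_n'] as an
// array; bind one element at a time (for example inside a foreach) rather than
// the array itself.
$stmt->bind_param('s', $_POST['d_n']);
$stmt->execute();
// Buffer the result set first: for a prepared statement num_rows reports 0
// until store_result() has run.
$stmt->store_result();
$numrows = $stmt->num_rows;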
Saty