0

How to check if a $_GET variable exists in Database if it does not print an error. I am using this code:

$connection = mysqli_connect("localhost" , "root" , "" , "test");
$query = "SELECT site_title FROM websites";
$select_all_sites = mysqli_query($connection,$query);
$row_count = mysqli_num_rows($select_all_sites);

for ($i=0; $i < $row_count; $i++){ 
    $row = mysqli_fetch_assoc($select_all_sites);
    if($_GET['website'] == $row['site_title']){
        echo 'Success';
    }else{
        echo 'error';
    }
}

It prints too much errors or (the else condition remains always true.) Help me out.

Éderson Fernandes
  • 15
  • 1
  • 4
user617126
  • 1
  • 1
    A useful link for you; [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) – Tom Feb 01 '17 at 11:00
  • 3
    Also, i would suggest to use PDO instead, it's more readable and easier to handle – Stoffo Feb 01 '17 at 11:02
  • There are no such things as for/else loops in PHP, unlike Python. You'll need to check the amount of rows you have before looping through them, and error if you don't have any. – Tom Feb 01 '17 at 11:03
  • print the `$_GET['website']` variable to see what is the value it has. Also `$row_count` value may have too much rows and only 1 is true for if condition – Riad Feb 01 '17 at 11:03

3 Answers3

0

It is not safe to directly throw any of php array variables into your query. You need to clean it. Consider using the mysqli_real_escape_string. Although i would suggest to make a switch to PDO.

Back to your question, why can't you use a while loop instead of the for loop. you need to check if the variable website actually exists or not. php's isset function will help. Try this:

<?php
if(isset($_GET['website'])){
   if($_GET['website'] == $row['site_title']){
#awesome! it matches
  } else{
     #it does not match
    }
} else{
#website $_GET variable does not exist. Handle error
     }
?>
Rotimi
  • 4,783
  • 4
  • 18
  • 27
-1

Please try below code and inform me if you will face any error.

<?php
$connection = mysqli_connect("localhost" , "root" , "" , "test");
$query = "SELECT site_title FROM websites";
$select_all_sites = mysqli_query($connection,$query);

while($row = mysqli_fetch_assoc($select_all_sites))
{
    if($_GET['website'] == $row['site_title'])
    {
        echo 'Success';
    }
    else
    {
        echo 'error';
    }
}
?>
Harsh Barach
  • 947
  • 9
  • 18
  • Your code prints too much 'errors' continuously. In this code the else condition is always true. – user617126 Feb 01 '17 at 17:36
  • I have solved the problem :) :) we should the keep the else condition or not equal condition outside the loop.then it will work perfect. If we keep not equal or else condition inside the loop it prints that alot of times. – user617126 Feb 01 '17 at 18:08
  • @user617126 I have just write a if condition for comparing the variables. Also i have temporary variables in if condition. I do not know which are the variables comes threw your code. You should use the correct variables in if condition then it will works fine. – Harsh Barach Feb 02 '17 at 05:35
-2

You will first have to do a check for is the get variable actually exists. You can do this with the PHP isset function http://php.net/manual/en/function.isset.php if it exists you can proceed to see if it is matching you site title like you do now.

Anoxy
  • 873
  • 7
  • 17