Finding User in Two Different Tables to Match Together

Question

I am trying to pair every new user to another user from two different tables .i.e Tables 1 Men, Table 2 Women, using the registered user data. My problem is if there no users in Men then the query should look into Women table and find match based on time in ascending order using 24hours timeline

$query = "INSERT INTO tb_users (username, password, ip, email, bank, norek, nama, namalengkap, alamat, kota, country, kodepos, 
phone) 
VALUES('$username','$pass','$laip','$email','$bank','$norek','$nama','$namalengkap','$alamat', '$kota', '$country','$phone')";
mysqli_query($query)


// To Find Match from Here using readygh and 24 hours timelin

if(mysqli_num_rows($gh =mysqli_query("select * from tb_gh where readygh='1' ORDER BY datetime ASC",$con))>0){

$row=mysqli_fetch_array($gh);
    //Extract Data if match found in tb_gh query should Stop Here But If Not Found


}

else  //Then Query should Search Find Match in tb_users
{

$ghadmin = mysqli_query("Select * from tb_users where username='admin' ORDER BY id DESC limit 1");


$ghadmin_row=mysqli_fetch_array($ghadmin);

while(mysqli_num_rows ==1)

$ghadm_username =$ghadmin_row['username'];

$ghadm_fname =$ghadmin_row['namalengkap'];

$ghadm_phone =$ghadmin_row['phone'];

$ghadm_bank =$ghadmin_row['bank'];

$ghadm_acc_num =$ghadmin_row['norek'];

$ghadm_acc_name =$ghadmin_row['nama'];

// Elseif // Match Fo

//If Match found in 
$admph = mysqli_query("INSERT INTO tb_match(idtrx,ph_username,ph_phone,gh_username,gh_name,gh_acc_name,gh_acc_number,gh_phone) 
VALUES ('uniktrx','$username','$phone','$ghadm_username','$ghadm_fname','$ghadm_acc_name','$ghadm_acc_num','$ghadm_phone'",$con);


exit;


}
?>

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Feb 27 '17 at 17:14
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Feb 27 '17 at 17:15
`while(mysqli_num_rows ==1)` will cause an infinite loop, you should find a different test, like `while($ghadmin_row=mysqli_fetch_array($ghadmin))` — Jay Blanchard, Feb 27 '17 at 17:16

Finding User in Two Different Tables to Match Together

0 Answers0