0

As a beginner in php I`m getting stuck in such apparently simple looking problems given below.

I have a function called checkAvailability(), it takes two parameters and returns true or false.

$check = checkAvailability($name,$appointmentDate);

    if($check){

      $sql = "INSERT into appointments(Name,Address,Phone,Car_license_No,Car_Engine_No,Date,Mechanic) value('$name','$address','$phone','$license','$engine','$appointmentDate','$mechanic');";

    if(mysqli_query($db,$sql) == TRUE){

        echo '<script type="text/javascript">';
        echo 'alert("Submission Done");';
        echo '</script>';
    }
    else{

        echo '<script type="text/javascript">';
        echo 'alert("Submission Failed");';
        echo '</script>';
    }
    }

Data should get stored in database only when $check is true. The checkAvailability()is as follows, 

function checkAvailability($mechanicName,$date){

        global $justin;

        if($mechanicName == 'Justin'){
            if($justin < 4){
                $justin++;
            }
            else{
                echo '<script type="text/javascript">';
                echo 'alert("Justin is not available");';
                echo '</script>';
                return false;
            }

            for($i=0;$i<count($dateJustin);$i++){
                if($date == $dateJustin[$i]){
                    echo '<script type="text/javascript">';
                    echo 'alert("Choose another date");';
                    echo '</script>';
                    return false;
                }
            }

            $dateJustin[$j] = $date;
            $j++;

            return true;
        }
    }

The problem is in the function. I have checked that while running it reaches inside the function but it does not enter the if block if($mechanicName == 'Justin') though I am entering the name Justin as input each time.

Searched for relevant answers but none of those worked for me. Thanks in advance.

Ratnadeep Chakraborty
  • 31
  • 1
  • 1
  • 8
  • echo $mechanicName in the function and check its value. – Ravinder Reddy Mar 01 '17 at 19:03
  • how about you add a line right before the global statement: `var_dump($mechanicName);` to see if it displays what you were expecting. – Sablefoste Mar 01 '17 at 19:04
  • You are looking for an [SQL injection attack](http://stackoverflow.com/q/60174/1255289)? Seems like it. – miken32 Mar 01 '17 at 19:05
  • @miken32, while technically you are probably correct, we don't know where the variables came from. It is possible the OP just assigned the variables in code. I think there are enough warnings out there about SQL injection on Stack Overflow that are more relevant to the question. – Sablefoste Mar 01 '17 at 19:08
  • @Sablefoste There are clearly not enough warnings if people are still writing queries like this. – miken32 Mar 01 '17 at 19:09
  • You are using the variable `$dateJustin` in your function but it isn't defined within the function before using it, declared global or passed into the function. Your for loop would run zero times. – Jonathan Kuhn Mar 01 '17 at 19:12
  • Actually, the problem is in this line.. if($mechanicName == 'Justin'). I`m passing the $name variable as parameter which has the value 'Justin', but it is not entering that if block. – Ratnadeep Chakraborty Mar 01 '17 at 19:20

0 Answers0