Validation of duplicate entries in field of html / PHP using $_POST

Question

paper_add.php is an html form to post values to another php page named paper_entry.php.

I would like to use validation for not allowing duplicate entries to go in database instead it would give them error message that some of the values are duplicate.

I tried comparing string but it only works if there are 2 variable, i also tried using in_array() but that didn't work. I am posting both pages so that if anyone could point me in the right direction, i would be really happy and continue my project.

I want to ensure that q1q1 is not the same as q1q2 and so on before i allow it to be inserted into the database

<?php include 'header.php'; ?>
<div class="container">
    <table class="table table-bordered">
        <thead>
            <tr>
                <th colspan='2'><u>Add Paper</u></th>
            </tr>
        </thead>
        <tbody>
            <form method="post" action="paper_entry.php">
            <tr>
                <td>Examination </td>
                <td><input type="text" required="required" class="form-control"   name="examination"></td>
            </tr>
            <tr>
                <td>Subject </td>
                <td><input type="text" required="required" class="form-control"   name="subject"></td>
            </tr>
            <tr>
                <td>Subject Code </td>
                <td><input type="text" required="required" class="form-control"  name="subject_code"></td>
            </tr>
            <tr>
                <td>Category</td>
                <td><input type="text" required="required" class="form-control"  name="category"></td>
            </tr>
            <tr>
                <td>Month & Year:</td>
                <td><input type="text" required="required" class="form-control"  name="month_year"></td>
            </tr>
            <input type="hidden" required="required" class="form-control"  name="created_by" value="<?php echo $_SESSION ['user'] ?>">
            <tr>
                <td>Question 1 (1) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q1"></td>
            </tr>
            <tr>
                <td>Question 1 (2) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q2"></td>
            </tr>
            <tr>
                <td>Question 1 (3) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q3"></td>
            </tr>
            <tr>
                <td>Question 1 (4) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q4"></td>
            </tr>
            <tr>
                <td>Question 1 (5) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q5"></td>
            </tr>
            <tr>
                <td>Question 1 (6) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q6"></td>
            </tr>
            <tr>
                <td>Question 1 (7) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q7"></td>
            </tr>
            <tr>
                <td>Question 1 (8) :</td>
                <td><input type="text" required="required" class="form-control"  name="q1q8"></td>
            </tr>
            <tr>
                <td>Question 2 (A) :</td>
                <td><input type="text" required="required" class="form-control"  name="q2qa"></td>
            </tr>
            <tr>
                <td>Question 2 (B) :</td>
                <td><input type="text" required="required" class="form-control"  name="q2qb"></td>
            </tr>
            <tr>
                <td>Question 2 (Or A) :</td>
                <td><input type="text" required="required" class="form-control"  name="q2qoa"></td>
            </tr>
            <tr>
                <td>Question 2 (Or B) :</td>
                <td><input type="text" required="required" class="form-control"  name="q2qob"></td>
            </tr>
            <tr>
                <td>Question 3 (A) :</td>
                <td><input type="text" required="required" class="form-control"  name="q3qa"></td>
            </tr>
            <tr>
                <td>Question 3 (B) :</td>
                <td><input type="text" required="required" class="form-control"  name="q3qb"></td>
            </tr>
            <tr>
                <td>Question 3 (Or B) :</td>
                <td><input type="text" required="required" class="form-control"  name="q3qob"></td>
            </tr>
            <tr>
                <td>Question 4 (A) :</td>
                <td><input type="text" required="required" class="form-control"  name="q4qa"></td>
            </tr>
            <tr>
                <td>Question 4 (B) :</td>
                <td><input type="text" required="required" class="form-control"  name="q4qb"></td>
            </tr>
            <tr>
                <td>Question 5 (1) :</td>
                <td><input type="text" required="required" class="form-control"  name="q5q1"></td>
            </tr>
            <tr>
                <td>Question 5 (2) :</td>
                <td><input type="text" required="required" class="form-control"  name="q5q2"></td>
            </tr>
            <tr>
                <td>Question 5 (3) :</td>
                <td><input type="text" required="required" class="form-control"  name="q5q3"></td>
            </tr>
            <tr>
                <td>Submit : </td>
                <td><input type="submit" name="submit"></td>
            </tr>
        </tbody>
    </table>
</div>

paper_entry.php

<?php
include 'header1.php';
$examination  = $_POST["examination"];
$subject      = $_POST["subject"];
$subject_code = $_POST["subject_code"];
$category     = $_POST["category"];
$month_year   = $_POST["month_year"];
$created_by   = $_POST["created_by"];

$q1q1  = $_POST["q1q1"];
$q1q2  = $_POST["q1q2"];
$q1q3  = $_POST["q1q3"];
$q1q4  = $_POST["q1q4"];
$q1q5  = $_POST["q1q5"];
$q1q6  = $_POST["q1q6"];
$q1q7  = $_POST["q1q7"];
$q1q8  = $_POST["q1q8"];
$q2qa  = $_POST["q2qa"];
$q2qb  = $_POST["q2qb"];
$q2qoa = $_POST["q2qoa"];
$q2qob = $_POST["q2qob"];
$q3qa  = $_POST["q3qa"];
$q3qb  = $_POST["q3qb"];
$q3qob = $_POST["q3qob"];
$q4qa  = $_POST["q4qa"];
$q4qb  = $_POST["q4qb"];
$q5q1  = $_POST["q5q1"];
$q5q2  = $_POST["q5q2"];
$q5q3  = $_POST["q5q3"];

include 'dbconnect.php';

$sql = "INSERT INTO paper (id , examination, subject,subject_code,category,month_year,created_by,q1q1,q1q2,q1q3,q1q4,q1q5,q1q6,q1q7,q1q8,q2qa,q2qb,q2qoa,q2qob,q3qa,q3qb,q3qob,q4qa,q4qb,q5q1,q5q2,q5q3)
          VALUES ('','$examination','$subject','$subject_code','$category','$month_year','$created_by','$q1q1','$q1q2','$q1q3','$q1q4','$q1q5','$q1q6','$q1q7','$q1q8','$q2qa','$q2qb','$q2qoa','$q2qob','$q3qa','$q3qb','$q3qob','$q4qa','$q4qb','$q5q1','$q5q2','$q5q3')";

if (mysqli_query($conn, $sql)) {
    echo "<center> <h2><a href='paper_list.php'> Paper Added, Click Here For List. </h2> </center></a>";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

include 'footer.php';
?>

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Apr 11 '17 at 14:49
Kindly ignore my unethical coding as this is just my college regular project that i am trying to do, it won't be used in reality. I am just having trouble to validate each field so that there are no similar values in any field and if there are it should give an error. I Tried comparing strings but it only accepts 2 variable at one time, i would like to compare all variable that will be going in database and cross check for duplicate entry. — Mohsin, Apr 11 '17 at 14:54
So do you want to ensure that q1q1 is not the same as q1q2 and so on before you allow it to be inserted into the database? So the user can't have the same information in any of the fields if they want it to submit? Or do you want to ensure that no one can submit the same question in the database that has already been submitted? — PhilS, Apr 11 '17 at 15:05
@PhilS I want to ensure that q1q1 is not the same as q1q2 and so on before i allow it to be inserted into the database — Mohsin, Apr 11 '17 at 15:13

score 1 · Accepted Answer · answered Apr 11 '17 at 19:44

You could do something like:

$post_array = [
        'q1q1' => 'test ', 
        'q1q2' => 'testing', 
        'q1q3' => 'test', 
        'q2qa' => 'tester', 
        'q2qoa' => 'test2', 
        'q3qob' => 'tests'
    ];

$keys = array_keys($post_array);

foreach ($keys as $key) {
    foreach ($post_array as $k => $v) {
        if ($key != $k) {
            if (trim(strtolower($v)) == trim(strtolower($post_array[$key]))) {
                echo "The value '{$v}' in {$key} matches the value in {$k}<br />";
            }
        } else {
            continue;
        }
    }
}

I have a gut feeling array_reduce would work better, but this should work, you'd need to modify it to suit your post array, I've just added default values here as an example. You could also do a similar approach with Javascript to do it client side.

All it does is loop the keys of your post array and then checks the values of the other items skipping the item it's comparing against. It means you'll get a result for each duplicate, but I assume you'll want to add a warning on all matches?

Anyway, hope it helps to get you closer to a solution.

It worked, Thank you very much for taking time to work on it @PhilS — Mohsin, Apr 17 '17 at 13:27

Validation of duplicate entries in field of html / PHP using $_POST

1 Answers1