3

My case now is that every username can select each item in the spinner one time only. That means if the spinner has 5 items, the user can choose all of them, but each of them one time only. Below is my select data PHP:

<?php 

if($_SERVER['REQUEST_METHOD']=='POST'){

//Getting values
$username = $_POST['username'];

$name = $_POST['name'];

//Creating an sql query

$sql = "INSERT INTO Selection (username, name) VALUES 
('$username','$name')"; 
//Importing our db connection script
 require_once('dbConnect.php');

//Executing query to database
if(mysqli_query($con,$sql)){
echo 'Select Successfully';
}else{
echo 'Sorry, You Already Select it Before';
}

//Closing the database 
mysqli_close($con);
}

The name in this PHP means the item in the spinner. I have no idea how to set it so that every username can select each item in the spinner one time only. I am using localhost phpMyAdmin.

  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Aug 08 '17 at 03:53

3 Answers

1

Why are you not testing whether the entry is already in the database before you do the insert? Maybe this (untested) code might help:

if($_SERVER['REQUEST_METHOD']=='POST')
{
    //Getting values
    $username = $_POST['username'];
    $name = $_POST['name'];

    //Importing our db connection script
    require_once('dbConnect.php');

    //Checking for an existing row; bound parameters keep user input out of the SQL text
    $check = mysqli_prepare($con, "SELECT 1 FROM Selection WHERE username = ? AND name = ? LIMIT 1");
    mysqli_stmt_bind_param($check, 'ss', $username, $name);
    mysqli_stmt_execute($check);
    //Buffering the result so the row count is available
    mysqli_stmt_store_result($check);
    if(mysqli_stmt_num_rows($check) > 0)
    {
        echo 'Sorry, You Already Select it Before';
    }
    else
    {
        //Inserting the new selection, again with bound parameters
        $insert = mysqli_prepare($con, "INSERT INTO Selection (username, name) VALUES (?, ?)");
        mysqli_stmt_bind_param($insert, 'ss', $username, $name);
        if(mysqli_stmt_execute($insert))
        {
            echo 'Select Successfully';
        }
        else
        {
            echo "Select failed for some other reason";
        }
    }

    //Closing the database 
    mysqli_close($con);
}
Amit Joshi
1

I think that to check that the user spins only once, you need to add a flag to your database structure, such as:

 u_id | flag |
--------------
  1   | 1    
--------------

That way, when retrieving or fetching (or, you can say, while checking), you just have to make sure whether this particular u_id has already spun once, so that it can't be allowed again.

So before inserting, check the username or user_id of the particular user.

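//Importing our db connection script
require_once('dbConnect.php');
//Checking whether this user already has a row with flag = 1
$check = mysqli_prepare($con, "SELECT u_id FROM User_spins WHERE u_id = ? AND flag = 1");
mysqli_stmt_bind_param($check, 's', $username);
mysqli_stmt_execute($check);
mysqli_stmt_store_result($check);
if (mysqli_stmt_num_rows($check) == 0) {
    //if no then insert into User_spins table
    $insert = mysqli_prepare($con, "INSERT INTO User_spins (u_id, name, flag) VALUES (?, ?, 1)");
    mysqli_stmt_bind_param($insert, 'ss', $username, $name);
    mysqli_stmt_execute($insert);
}
//if yes then don't allow to proceed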
Jaymin
1

You can specify a unique constraint for the username and name columns.

Alter the Selection table using this code:

ALTER TABLE `Selection` ADD UNIQUE `unique_index`(`username`, `name`);

Now if you try to insert any username and name pair that is already inserted, it will fail.

Mahbubul Islam
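
Combining the comment's advice (bound parameters) with the unique index from the last answer, as an added example that is not code from the thread: the insert is attempted directly and a repeat selection is recognised by MySQL error 1062, so there is no gap between a separate SELECT check and the INSERT in which two requests could both pass. `selectItem` is a hypothetical helper; `$con` from `dbConnect.php` and the `unique_index` constraint on `Selection` are assumed to exist as shown on the page.

```php
<?php
// Added example, not code from the thread. Assumes dbConnect.php defines $con
// (as in the question) and that the unique index from the last answer exists.

const ER_DUP_ENTRY = 1062; // MySQL error number for a unique-key violation

// Hypothetical helper: returns 'ok', 'duplicate' or 'error'.
function selectItem(mysqli $con, string $username, string $name): string
{
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $con->prepare('INSERT INTO Selection (username, name) VALUES (?, ?)');
        $stmt->bind_param('ss', $username, $name);
        $stmt->execute();
        return 'ok';
    } catch (mysqli_sql_exception $e) {
        // The unique index rejects a repeated pair atomically, so two
        // simultaneous requests cannot both insert the same row.
        return $e->getCode() === ER_DUP_ENTRY ? 'duplicate' : 'error';
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = $_POST['username'] ?? '';
    $name = $_POST['name'] ?? '';
    if (!is_string($username) || !is_string($name) || $username === '' || $name === '') {
        http_response_code(400);
        exit('Missing username or name');
    }

    // Throw mysqli_sql_exception on errors, whatever the PHP version's default.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    require_once('dbConnect.php');

    $result = selectItem($con, $username, $name);
    if ($result === 'ok') {
        echo 'Select Successfully';
    } elseif ($result === 'duplicate') {
        echo 'Sorry, You Already Select it Before';
    } else {
        http_response_code(500);
        echo 'Select failed for some other reason';
    }
    mysqli_close($con);
}
```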