Insert date with a condition in PHP

Question

Good evening everyone, I have a table conge (id_conge, number_day, year, id_employe) I would like to insert data but I want each employee take for each year 20 days he can not take more than 20 days each year.

Here is my code:

       public function create(conge $conge){
        $this->makes();
        $id_employe=$_POST['id_employe'];
        $number_day=$_POST['number_day'];
        $nb_jours = $this->pdo->query('SELECT nombre_jour FROM conge WHERE id_employe = '.$id_employe.' AND number_day= '.$number_day);
        $nb_conge = 0;

        // Calcul du total pour chaque congés de l'année
        foreach($nb_jours as $jour) {
            $nb_conge = $nb_conge+$jour;
        }
         if ($nb_conge <= 20) {

        $this->st=$this->pdo->prepare("insert into conge values(:id_conge,:number_day,:year,:id_employe)");

    $this->st->bindvalue(':id_conge',$conge->getid_conge(),pdo::PARAM_INT );

 $this->st->bindvalue(':number_day',$conge->getnumber_day(),pdo::PARAM_INT );

 $this->st->bindvalue(':year',$conge->getyear(),pdo::PARAM_INT );
        $this->st->bindvalue(':id_employe',$conge->getid_employe(),pdo::PARAM_INT );
        $exe=$this->st->execute();
        }else{
        echo("erreur echec");
        }

        }}

And thank you

Please rephrase your question so that it is easy to understand. Thx. — waterloomatt, Sep 27 '17 at 17:08
I have to admit I'm not quite certain I understand what you're asking, can you rephrase your post to make it clear, even as a few algorithmic steps if you must, what data you need in order for the consumers of that data to do what they need to do? (e.g.: presumably that '20' is stored in a different table, so why not just store the number of days taken so far in the user table, for each user?) — Mike 'Pomax' Kamermans, Sep 27 '17 at 17:09
You code is at risk of [SQL Injection](https://stackoverflow.com/questions/601300/what-is-sql-injection) (at the first select). — litelite, Sep 27 '17 at 17:09
@litelite the code uses a PDO prepared statement and late value binding with library-handled safeties, what part of it can be further improved? — Mike 'Pomax' Kamermans, Sep 27 '17 at 17:10
@Mike'Pomax'Kamermans He uses it for the `INSERT` but not the `SELECT` — litelite, Sep 27 '17 at 17:10
ah, good point. To add to that, then: always use a different set of credentials for your reads vs. writes, because no amount of hackery should lead to a SELECT call modifying anything, even if someone managed to trick it into becoming an UPDATE or DELETE. — Mike 'Pomax' Kamermans, Sep 27 '17 at 17:11
I just want to insert data in my table conge but I want to insert the person who have a day number less than 20 days but for each year for exemple: id conge:1 id_employe:455 numbre_day:25 annee:2017 Erreur — Igoussam, Sep 27 '17 at 21:27

Insert date with a condition in PHP

0 Answers0