-1

Is there a way to take a value supplied by a user on the front end and compare it with all values in the database without getting the data from the database and supplying it to the front end? For security purposes I do not want to supply the front end with the values unless there is a match in the database.

example: user enters their "coupon code" on the front end the code checks the value against the actual "coupon code" values in the database and only if there is a match does it return the data from the matching record and supply it to the front end

Jeff Sayers
  • 117
  • 1
  • 9

1 Answers1

0

Certainly. You simply need to construct a query, and at that point you have a few options. One way is to do a count() query and only proceed if the count is > 0. The other is to issue the query, and use the client library feature to determine if there are results.

The specifics require a bit more information in regards to the database and client library you are utilizing in your code, not to mention the schema (table structure(s)) and the query(s) you are using.

For something as simple as finding a coupon row by some sort of id string, I would probably opt for the 2nd option, and run the query and check for a result.

Then your code checks that result set count with an if() and proceeds to fetch the row, or prints out your error/coupon not found message if not.

Just taking a wild guess that you might be using MySQL:

With mysqli With PDO it is typically best to just query and fetch the data (as this should be either one row or none) and then check the result variable

$data = $pdo->query("SELECT * FROM table WHERE ...")->fetchAll();
if ($data) {
    // There's a coupon
} else {
    // There is no coupon
}

It's actually more complicated than that, because you should be using prepare to bind the variable and execute, but the basic idea is the same.

gview
  • 14,876
  • 3
  • 46
  • 51