1

I have read all the information in the previous questions and I did, but unfortunately I did not receive a positive answer. I want to store the information that is posted from Android into Database Provided that this information is not already available This is my php code and it's not a problem to send information from Android :

<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
    define('DB_USERNAME', '***');
    define('DB_PASSWORD', '***');
    define('DB_HOST', 'localhost');
    define('DB_NAME', '***');

    $conn = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_NAME);
    $username = $_POST['username'];
    $photo = $_POST['photo'];
    $code = $_POST['code'];

    $strSQL = " INSERT INTO checkout_page (code , username ,photo , isactive) VALUES('$code' , '$username' , '$photo' , 'TRUE')";

    if(mysqli_query($conn,$strSQL)){
        echo "insert";
    }

    mysqli_close($conn);
}else{
    echo "problem";
}
Oper
  • 29
  • 4
  • 2
    Can you describe the problem a bit more? What does your current code do? Does it insert duplicate records? Does it not work? Are there any errors? – Don't Panic Sep 27 '18 at 22:42
  • 1
    @Oper, could you please explicit the problem you encountered? If You want the row to be unique in DB then ensure one of the entered keys is UNIQUE. – Gratien Asimbahwe Sep 27 '18 at 22:43
  • 4
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Sep 27 '18 at 22:44
  • @Don'tPanic The code is completely correct and works, but I want this code to run only when it has not already been executed. Clearer when the row is not already added – Oper Sep 27 '18 at 22:46
  • 1
    Also, some advice -- don't use strings like `TRUE` and `FALSE` for boolean fields. Instead use values that evaluate correctly in a boolean context, like 0 and 1. – Alex Howansky Sep 27 '18 at 22:50
  • 2
    _"when the row is not already added"_ Do you mean the whole row, with those same values? Or just any row for that code? – Alex Howansky Sep 27 '18 at 22:52
  • @AlexHowansky no , i mean any row for any data posted from android – Oper Sep 27 '18 at 22:55
  • 1
    _"any row for any data"_ Please post examples of data which should be allowed and which shouldn't be. – Alex Howansky Sep 27 '18 at 23:01
  • @AlexHowansky With the code I've written, the information I get from Android comes in the row in the database. I want this information to be placed once and not inserted for the second time or updated with new information. – Oper Sep 27 '18 at 23:04

2 Answers2

1

I just add ON DUPLICATE KEY UPDATE . this is solution :

$strSQL = " INSERT INTO page (id , code , username ) VALUES('$id' , '$code' , '$username' ) ON DUPLICATE KEY UPDATE code='$code')";

tnx everyone for help!

Oper
  • 29
  • 4
0

One thing you can do is to make sure you have a primary key or unique key in your checkout_page table, and instead of doing an if else, you would do try/catch. Your code will execute everytime, but will only insert one record for each code for example (assuming code is the PK). Another way to do so is to run a query before your insert to check if you already have this record inserted, and only execute your insert when the query returns no results.

Hady Lattouf
  • 43
  • 8