0

I tried searching for codes that can help me with my problem but then I can't seem to make it work. I am new to coding these certain things. This is my first year, first semester with php actually. I hope you can help me with my project.

<?php

    $fullname = $_POST['fullname'];
    $gradelevel = $_POST['gradelevel'];
    $section = $_POST['section'];
    $servername = "localhost";
    $username = "root";
    $password = "";
    $database = "onlinevoting";



    $dbc = mysqli_connect('localhost', 'root', '', 'onlinevoting')
        or die('Error connecting to MySQL server.');

    $query = "INSERT INTO student_names (fullname, gradelevel, section)".
        "VALUES ('$fullname', '$gradelevel', '$section')";



    $result = mysqli_query($dbc, $query)
        or die('Error querying databse.');

    mysqli_close($dbc);


    header("Location: startvote.html");

    ?>
C0L
  • 13
  • 1
  • Before inserting your username create a script to check if the created username is already available in DB –  Jan 01 '20 at 15:42
  • 1
    you are wide open to sql injection use prepare statement https://www.php.net/manual/tr/mysqli.prepare.php –  Jan 01 '20 at 15:43
  • It's a confusing question. Where is the username and which is the exact question you have? – jeprubio Jan 01 '20 at 15:43
  • How do I do that? I'm sorry, I really have no idea. – C0L Jan 01 '20 at 15:43
  • oh, what i mean there is for the fullname – C0L Jan 01 '20 at 15:44

1 Answers1

0

If there is a column with the username creating a unique index on that column seems a good option. If you want to do this, that must be done on the database squema, not on this code.

Then you only need to check whether the insert instruction returns an error or not.

And use prepared statements to prevent from sql injection as Dilek said in the comment.

jeprubio
  • 17,312
  • 5
  • 45
  • 56
  • I actually want to make the browser send something to the user if the fullname they entered is already in the database. I'm clueless to this since its my first semester with Php. – C0L Jan 01 '20 at 15:50
  • No problem. If the insert fails you can get the error and check if it's due to that unique index and then show the message you want to the user. It's not the only way but for me it's the easiest one and the one which performs best. – jeprubio Jan 01 '20 at 15:51
  • Can you show me the codes on how to do it? – C0L Jan 01 '20 at 15:52
  • Have a look at this https://www.mysqltutorial.org/mysql-unique/ Here there is all you need. – jeprubio Jan 01 '20 at 15:54
  • It's curious the answers of the other linked question (the duplicated one) are all focused on executing more php code instead of letting the database do the job in a more efficient way. They are also valid, I'm pretty sure it's more efficient doing it the way the linked tutorial says, it's how I've always done it, but you can choose the way you prefer. – jeprubio Jan 01 '20 at 16:10
  • ohhh wow, thanks, but if i set it to unique the message will be my default "Error querying database", how do i change the message? – C0L Jan 01 '20 at 16:12
  • You receive the message in your code when the insert is done. But it's a variable with the description. Then you can show the message you want to the user, nothing forces you to show to the user the error message, you can do whatever you want with it. What I prefer is to check if the message contains the message that is duplicated show your custom error. Otherwise, show the returned message. – jeprubio Jan 01 '20 at 16:16
  • No problem. I don't know if you can mark the answer as correct once it has been marked as duplicated but I'm really glad to help anyway. – jeprubio Jan 01 '20 at 16:29