
I have two tables and I want to count how many 1s there are in tables 1-2. If it is the same amount, then you can insert 1; if not, then you cannot insert 1 into the table.

My code inserts data whether it is equal or not:

```php
<?php
    $msg = '';

    if(isset($_POST['rogzit_in'])) {

        $barcode = $_POST['barcode'];
        // Check the login
        if(!isset($_POST['barcode'])) {

            $sql_barcodeInEll = "SELECT COUNT(barcode) FROM log_in WHERE barcode = '$barcode'";
            $result_barcodeInEll = mysqli_query($dbCon, $sql_barcodeInEll);

            $sql_barcodeOutEll = "SELECT COUNT(barcode) FROM log_out WHERE barcode = '$barcode'";
            $result_barcodeOutEll = mysqli_query($dbCon, $sql_barcodeOutEll);


            if(mysqli_num_rows($result_barcodeInEll) != $result_barcodeOutEll) {
                $msg = '<h4 class="col-12 text-center mb-3 text-danger">Már bejelntkezett!</h4>';
            }
        }

        if(isset($_POST['barcode'])) {

                $sql_beszuras = "INSERT INTO log_in(barcode) VALUES ('$barcode')";
                if(mysqli_query($dbCon, $sql_beszuras)) {
                    ?>
                    <script type="text/javascript">
                    window.location = "home.php/";
                    </script>
                        <?php
            }
        }
    }
?>
```

Thank you for the help!

  • You'd always want `if(isset($_POST['barcode']))` to be true, since you're declaring the variable. Throw an error if `$_POST['barcode']` is empty. If not, do the comparison, and afterwards either redirect on true or throw an error on false. – Kaede Nov 04 '21 at 11:59
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 04 '21 at 12:11
  • Why not do it all in SQL? – Dharman Nov 04 '21 at 12:12
  • What should I change or do? – Tóth László Nov 04 '21 at 12:13

0 Answers
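The check the question describes, combined with the prepared statements recommended in the comments, shown as an added example that is not part of the original question or comments. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so that it runs without one; the table and column names are the question's, while `countRows`, `checkIn` and the sample barcodes are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumption: an in-memory SQLite
// database via PDO stands in for the MySQL server so the script runs as-is.
// Table and column names (log_in, log_out, barcode) are from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log_in  (barcode TEXT NOT NULL)');
$db->exec('CREATE TABLE log_out (barcode TEXT NOT NULL)');

/** Count rows for one barcode; $table is checked against a fixed allow-list. */
function countRows(PDO $db, string $table, string $barcode): int
{
    if (!in_array($table, ['log_in', 'log_out'], true)) {
        throw new InvalidArgumentException('unexpected table');
    }
    $stmt = $db->prepare("SELECT COUNT(*) FROM $table WHERE barcode = ?");
    $stmt->execute([$barcode]);          // the barcode is bound, never concatenated
    return (int) $stmt->fetchColumn();   // read the counted value, not the row count
}

/** Insert a check-in only when check-ins and check-outs are equal in number. */
function checkIn(PDO $db, ?string $barcode): bool
{
    if ($barcode === null || $barcode === '') {
        return false;                    // nothing was submitted
    }
    $db->beginTransaction();             // count and insert as one unit
    try {
        $balanced = countRows($db, 'log_in', $barcode) === countRows($db, 'log_out', $barcode);
        if ($balanced) {
            $db->prepare('INSERT INTO log_in (barcode) VALUES (?)')->execute([$barcode]);
        }
        $db->commit();
        return $balanced;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample input, including one injection-shaped barcode.
var_dump(checkIn($db, 'A100'));          // first scan: no rows in either table
var_dump(checkIn($db, 'A100'));          // second scan: one check-in, no check-out
$db->prepare('INSERT INTO log_out (barcode) VALUES (?)')->execute(['A100']);
var_dump(checkIn($db, 'A100'));          // after the check-out the counts match again
var_dump(checkIn($db, "x' OR '1'='1"));  // the quote characters are treated as data
var_dump(countRows($db, 'log_in', "x' OR '1'='1"));  // counts only that literal value
```

The transaction keeps the count and the insert together on one connection; it does not by itself serialize two concurrent scans of the same barcode on MySQL.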