-1

I have variables declared in my PHP like this:

    $kode = mysqli_real_escape_string($conn, $_POST["kode"]);
    $nama = mysqli_real_escape_string($conn, $_POST["nama"]);
    $hargabeli = mysqli_real_escape_string($conn, $_POST["hargabeli"]);
    $hargajual = mysqli_real_escape_string($conn, $_POST["hargajual"]);
    $keterangan = mysqli_real_escape_string($conn, $_POST["keterangan"]);
    $brand = mysqli_real_escape_string($conn, $_POST["brand"]);
    $kategori = mysqli_real_escape_string($conn, $_POST["kategori"]);
    $is_active = mysqli_real_escape_string($conn, $_POST["is_active"]);
    $image_name = mysqli_real_escape_string($conn, $fileDestination);
    $sumber_pengadaan = mysqli_real_escape_string($conn, $_POST["sumber_pengadaan_id"]);
    $supplier = mysqli_real_escape_string($conn, $_POST["supplier_id"]);
    $remark = mysqli_real_escape_string($conn, $_POST["remark"]);
    $umur_penyusutan_barang = mysqli_real_escape_string($conn, $_POST["umur_penyusutan_barang"]);
    $umur_ekonomis = mysqli_real_escape_string($conn, $_POST["umur_ekonomis"]);
    $sumber_perolehan = mysqli_real_escape_string($conn, $_POST["sumber_perolehan"]);
    $tanggal_invoice = date('Y-m-d', strtotime($_POST['tanggal_invoice']));

For all those results, I made this SQL in my PHP:

    $sql2 = "insert into $tabeldatabase values( '$kode','$nama','$hargabeli','$hargajual','$keterangan','$kategori','','','','','','$brand','','', '$image_name', '', '$sumber_pengadaan','', '$supplier','', '$remark', '$umur_penyusutan_barang', '$umur_ekonomis', '', '$is_active', '$tanggal_invoice', '')";

But the problem is, if $kode exists, the program automatically deletes the old data and replaces it with the new data. How do I set up the code for this case, so that if kode exists, it can't be inserted?

I think something like this, but I don't know if it's right or not:

    $sql2 = "insert into $tabeldatabase values( '$kode','$nama','$hargabeli','$hargajual','$keterangan','$kategori','','','','','','$brand','','', '$image_name', '', '$sumber_pengadaan','', '$supplier','', '$remark', '$umur_penyusutan_barang', '$umur_ekonomis', '', '$is_active', '$tanggal_invoice', '') WHERE NOT EXISTS (SELECT * FROM $tabeldatabase WHERE kode = $kode)";
tryharder
  • 43
  • 6
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Dec 21 '21 at 13:01
  • Put a unique index on the column where `$kode` is supposed to go and use `INSERT IGNORE` – Michel Dec 21 '21 at 13:02

1 Answer

0

Just add IGNORE to your query:

    INSERT IGNORE INTO `table` ...

https://www.mysqltutorial.org/mysql-insert-ignore/

lezhni
  • 292
  • 2
  • 12
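
A sketch that combines the suggestions above: a unique index on `kode`, `INSERT IGNORE`, and a prepared statement in place of escaping. This is an added example, not code from the question or the answer; the table name `barang`, every column name except `kode`, the index name and the connection settings are assumptions.

```php
<?php
// Added example. Assumed names: table `barang`, every column except `kode`,
// index `uq_barang_kode`, and the placeholder connection settings.
// One-time schema change so the database itself rejects a repeated kode:
//   ALTER TABLE barang ADD UNIQUE INDEX uq_barang_kode (kode);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const ALLOWED_TABLES = ['barang']; // identifiers cannot be bound, so allow-list them

/** Insert one row; returns false when a row with the same kode already exists. */
function insertBarang(mysqli $conn, string $table, array $in): bool
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    $ts = strtotime((string)($in['tanggal_invoice'] ?? ''));
    if ($ts === false || !is_numeric($in['hargabeli'] ?? null)
        || !is_numeric($in['hargajual'] ?? null)) {
        throw new InvalidArgumentException('invalid date or price');
    }
    $kode      = (string)($in['kode'] ?? '');
    $nama      = (string)($in['nama'] ?? '');
    $hargabeli = (float)$in['hargabeli'];
    $hargajual = (float)$in['hargajual'];
    $tanggal   = date('Y-m-d', $ts);

    // Named columns and bound values: no escaping, no interpolation of user input.
    $stmt = $conn->prepare(
        "INSERT IGNORE INTO `$table` (kode, nama, hargabeli, hargajual, tanggal_invoice)
         VALUES (?, ?, ?, ?, ?)"
    );
    $stmt->bind_param('ssdds', $kode, $nama, $hargabeli, $hargajual, $tanggal);
    $stmt->execute();
    $inserted = ($stmt->affected_rows === 1); // 0 rows: the insert was ignored
    $stmt->close();
    return $inserted;
}

// Constructed sample input standing in for $_POST.
$post = ['kode' => 'BRG-001', 'nama' => "O'Brien kettle", 'hargabeli' => '15000',
         'hargajual' => '20000', 'tanggal_invoice' => '2021-12-21'];
$conn = new mysqli('localhost', 'app_user', 'app_password', 'inventory'); // placeholders
var_dump(insertBarang($conn, 'barang', $post)); // first insert of this kode
var_dump(insertBarang($conn, 'barang', $post)); // same kode again
```

`INSERT IGNORE` also downgrades some other errors to warnings, so a plain `INSERT` that catches MySQL error 1062 (duplicate entry) is the stricter variant.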