0

For some reason this code still returns 2 instead of one?

$allowedCount = 1; ( This figure is set inside the database )


$sql_count = mysql_query("SELECT usrid FROM mytable WHERE usrid=".$uid) or die(mysql_error());  
$currentCount = mysql_num_rows( $sql_count );


$currentCount = 1; ( In this example current count returns a 1 )



if ( $currentCount <= $allowedCount ) {

// do this OK

} else {

// do this Not OK

}

What im trying to do is check if the user has reached their limit, if so then disallow them further INSERT queries etc....

Would this be a simple approach?

Dan J
  • 16,319
  • 7
  • 50
  • 82
jonnypixel
  • 327
  • 5
  • 27
  • Why not use `COUNT(*)` in your `SELECT`? – Jared Farrish Oct 19 '11 at 00:10
  • depending on where you get $uid from, this could be a potential sql injection vulnerability. See: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php – DGM Oct 19 '11 at 00:24

1 Answers1

0

check your db, you may have duplicate record. if your using a form to insert the data it may be reinserting data upon page refresh. if not check your db for duplication.

user836910
  • 484
  • 2
  • 9
  • 22
  • @Jared, I will try that but i think my problem is that i am saying if 1 <= 1 then allow this.. which means that they can still do it once more. – jonnypixel Oct 19 '11 at 00:37
  • @DGM the code i posted is stripped right down for simplicity. I am definately escaping and also grabbing the usr id from a global that cant be changed. – jonnypixel Oct 19 '11 at 00:38
  • I did think that but i have phpmyadmin opened on another monitor and have made sure that only one entry is there. – jonnypixel Oct 19 '11 at 00:40