I'm trying to check a data condition. If the data already exists, it will not be inserted. Otherwise it will be inserted. But the problem is that the data still gets inserted although it already exists!
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
//Getting values
$project = strtoupper($_POST['project']);
if($project != null)
{
//Importing our db connection script
require_once('dbConnect.php');
$sql="SELECT * FROM Project WHERE project='$project'";
$check=mysqli_fetch_array(mysqli_query($con,sql));
if(isset($check))
{
// no need insert
}
else{
//Creating an sql query
$sql = "INSERT INTO Project(project) VALUES ('$project')";
}
//Executing query to database
if(mysqli_query($con,$sql)){
echo ' Added Successfully';
}else{
echo 'Could Not Add Project';
}
}
else
{
echo "data is null";
}
//Closing the database
mysqli_close($con);
}
?>
There were multiple issues in your code. I'll start with answering your question. $check will never be set because your query isn't being executed. The $ is missing from $sql. Additionally, you always need to sanitize/escape user input before using it in a query. If you do not sanitize it, then it is possible that a hacker might inject unwanted code into your query, doing things that you didn't want to be done. See the updated and optimized code below:
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
    //Getting values
    if(isset($_POST['project']) && !empty($_POST['project'])){
        //Importing our db connection script
        require_once('dbConnect.php');
        $project = strtoupper($_POST['project']);
        //Security: input must be sanitized to prevent sql injection
        $sanitized_project = mysqli_real_escape_string($con, $project);
        // The escaped value has to sit inside quotes, otherwise the query fails and the escaping gives no protection
        // LIMIT 1 prevents sql from grabbing unneeded records
        $sql = "SELECT * FROM Project WHERE project='$sanitized_project' LIMIT 1";
        $result = mysqli_query($con, $sql);
        if($result && mysqli_num_rows($result) > 0){
            // a match was found
            // no need insert
        }
        else{
            //Creating an sql query
            $sql = "INSERT INTO Project(project) VALUES ('$sanitized_project')";
            //Executing query to database
            if(mysqli_query($con,$sql)){
                echo('Added Successfully');
            }
            else{
                echo('Could Not Add Project');
            }
        }
        //Closing the database (only here, where the connection was opened)
        mysqli_close($con);
    }
    else{
        echo('data is null');
    }
}
?>
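An added example, not part of the answer above: the same insert-if-absent logic with a bound parameter instead of string escaping, and a UNIQUE constraint so that the duplicate check and the insert are a single atomic statement. It uses PDO with an in-memory SQLite database so that it runs stand-alone; the function names and sample inputs are made up for the illustration, and on MySQL the equivalent is a UNIQUE index on the column with INSERT IGNORE.

```php
<?php
// Added example: constructed schema and inputs, in-memory SQLite via PDO.
// openDemoDb() and addProject() are hypothetical helper names.

function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE makes the database, not the PHP code, enforce "no duplicates",
    // so two concurrent requests cannot both pass a SELECT check and insert.
    $db->exec('CREATE TABLE Project (project TEXT NOT NULL UNIQUE)');
    return $db;
}

// Returns 'added', 'exists' or 'empty'.
function addProject(PDO $db, ?string $raw): string {
    $project = strtoupper((string)$raw);
    if ($project === '') {
        return 'empty';
    }
    // The value is bound as a parameter and never spliced into the SQL text,
    // so quotes in the input cannot change the statement.
    $stmt = $db->prepare('INSERT OR IGNORE INTO Project(project) VALUES (:project)');
    $stmt->execute([':project' => $project]);
    // rowCount() is 0 when the UNIQUE constraint turned the insert into a no-op.
    return $stmt->rowCount() === 1 ? 'added' : 'exists';
}

$db = openDemoDb();
// Constructed sample inputs: a new name, the same name in upper case,
// an empty value, and a name containing a single quote.
$inputs = ['alpha', 'ALPHA', '', "o'brien"];
foreach ($inputs as $in) {
    printf("%-12s => %s\n", var_export($in, true), addProject($db, $in));
}
// Number of rows actually stored after the four calls.
echo $db->query('SELECT COUNT(*) FROM Project')->fetchColumn(), " rows\n";
```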
Correct this line: $check=mysqli_fetch_array(mysqli_query($con,sql)); you missed the $ before sql. That's why the condition is evaluating to false.