
SOLVED

Posted: Thu Apr 20, 2006 11:28 pm
by saltriver
if (!$num_rows) {

That's the little bugger.

So here it is in its final form:

Code:

// Taken straight from the query string and interpolated below without escaping
$recordID = $_GET['recordID'];
$db = mysql_select_db($db_name, $db_handle) or die (mysql_error());

// Is there already a counter row for this record?
$rc = "select * from popup where rest = '$recordID'";
$restchk = mysql_query($rc) or die (mysql_error());
$num_rows = mysql_num_rows($restchk);

if (!$num_rows) {
    // First hit: create the row with hits = 1
    $sql = "insert into popup values ('', '$recordID', now(), '1')";
    mysql_query($sql);
} else {
    // Row exists: increment the counter
    $sqlu = "update popup set hits = hits + 1 where rest = '$recordID'";
    mysql_query($sqlu);
}

Muchas gracias, ole!

Posted: Fri Apr 21, 2006 6:26 am
by timvw
You are:

- not validating user input ($_GET['recordID']) (http://www.php.net/isset)
- you don't prepare the recordID for use in a mysql query (http://www.php.net/mysql_real_escape_string)

Btw, since you are using mysql you can use the following:

Code:

INSERT INTO foo VALUES (bar)
ON DUPLICATE KEY UPDATE countcol = countcol + 1
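
Both points from the post above, applied to the hit counter as an added example (not code from any poster in this thread): the input is validated, the value is bound as a parameter, and the two queries collapse into one. It assumes recordID is a positive integer, that the first column of `popup` is an auto-increment id, and that `rest` has a UNIQUE index; the function names and connection details are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: recordID is a
// positive integer and `popup`.`rest` carries a UNIQUE index.

/** Return the id as an int, or null if it is missing or not a positive integer. */
function parse_record_id(array $query): ?int
{
    if (!isset($query['recordID']) || !is_string($query['recordID'])) {
        return null; // absent, or an array such as ?recordID[]=1
    }
    $id = filter_var($query['recordID'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** One round trip: insert the first hit or increment the existing counter. */
function record_hit(mysqli $db, int $id): void
{
    // Column order follows the thread's INSERT: auto id, rest, timestamp, hits.
    $stmt = $db->prepare(
        'INSERT INTO popup VALUES (NULL, ?, NOW(), 1)
         ON DUPLICATE KEY UPDATE hits = hits + 1'
    );
    $stmt->bind_param('i', $id); // value travels separately from the SQL text
    $stmt->execute();
    $stmt->close();
}

// Constructed inputs showing what the validator accepts and rejects.
$samples = [
    ['recordID' => '42'],
    ['recordID' => "42' OR '1'='1"],
    ['recordID' => ['42']],
    ['recordID' => '-3'],
    [],
];
foreach ($samples as $query) {
    var_dump(parse_record_id($query));
}

// Usage in the page handler (connection details are placeholders):
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $db = new mysqli('localhost', 'user', 'password', 'dbname');
// $id = parse_record_id($_GET);
// if ($id === null) { http_response_code(400); exit; }
// record_hit($db, $id);
```

Without the UNIQUE index on `rest`, ON DUPLICATE KEY UPDATE never fires and every hit inserts a new row.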

Posted: Fri Apr 21, 2006 2:30 pm
by Ollie Saunders
my code relies on the id being an integer, and it should be for performance reasons. using a string as the id is sloooow

Posted: Fri Apr 21, 2006 5:54 pm
by timvw
I've never said anything about using (VAR)CHAR / STRING as datatype... Btw, with the query I suggested you only have one query.. Which is more performant than two ;)

Posted: Fri Apr 21, 2006 6:09 pm
by John Cartwright
So many cool little tricks and tips I've learned from you timv... keep em coming. :wink:

Posted: Mon Apr 24, 2006 3:41 am
by Ollie Saunders

Code:

INSERT INTO foo VALUES (bar)
ON DUPLICATE KEY UPDATE countcol = countcol + 1
oh wow that's very cool