comparing records

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

comparing records

Post by pleigh »

i have this code

Code: Select all

$sql = "SELECT * FROM hh_users2rights where UKey = '" . $_POST['employees'] . "' AND RKey = '" . $_POST['rights'] . "'";
							$rs = mysql_query($sql);
							
							if ($rs) {
								$usql = "select UKey, FirstName, LastName FROM buzz_users WHERE UKey = '" . $_POST['emp'] . "'";
								$uresult = mysql_query($usql) or die(mysql_error());
								
								if ($uresult) {
									
									while ($row = mysql_fetch_array($uresult, MYSQL_NUM)) {
										echo "<b><font color='red'>" . $row[1] . " " . $row[2] . " already has this right</font></b>";
									}
									
								} else {
									echo "system error";
								}
								
							}
what i want to do is that i want to compare and check if there is an existing record for this user, and if he does, then this script will execute. the problem is that it the first sql script evalutates to true, even if the the user does not have a record on the other field. how can i achieve that..pardom me, im really confused.thank you.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Check if mysql_num_rows($rs) == 1
User avatar
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

hi, thanks, i did this

Code: Select all

$sql = "SELECT * FROM hh_users2rights where UKey = '" . $_POST['employees'] . "' AND RKey = '" . $_POST['rights'] . "'"; 
                                                        $rs = mysql_query($sql); 
                                                        
                                                        if ($rs) { 
                                                                $usql = "select UKey, FirstName, LastName FROM buzz_users WHERE UKey = '" . $_POST['emp'] . "'"; 
                                                                $uresult = mysql_query($usql) or die(mysql_error()); 
                                                                
                                                                if ($uresult) { 
                                                                        
                                                                        while ($row = mysql_fetch_array($uresult, MYSQL_NUM)) { 
                                                                                echo "<b><font color='red'>" . $row[1] . " " . $row[2] . " already has this right</font></b>"; 
                                                                        } 
                                                                        
                                                                } else { 
                                                                        echo "system error"; 
                                                                } 
                                                                
                                                        }
still the same problem, it does not filter the user..any hint on the problem?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

one another note, you have not escaped any of your incoming data, therefor leaving your queries vulnerable to SQL injection. Apply at minimum mysql_real_escape_string and trim, on all incoming data used in queries.
still the same problem, it does not filter the user..any hint on the problem?
[/quote]

You did not check mysql_num_rows as previously suggested :?
Post Reply