Checking records in MySQL before inserting into database
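I am creating a reservation system in which clients fill in a reservation form (location, classroom, time and date).
My question is about checking the entered record before inserting it into the database. Meaning, if the LOCATION, CLASSROOM, TIME and DATE are already inserted/taken/reserved in the database, the system will prompt "The Location, Date and Time were reserved already"; otherwise it will be inserted into the database. I ran this code but it still records the same location, classroom, date and time. Is there something wrong with this code?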
    $res_location = isset($_POST['res_location']) ;
    $res_classroom = isset($_POST['res_classroom']) ;
    $res_inclusive_date = isset($_POST['res_inclusive_date']);
    $res_inclusive_time_start = isset($_POST['res_inclusive_time_start']) ;
    // Build the query
    $query = sprintf("SELECT Location_Faculty FROM tbl_reservation WHERE Location_Faculty=%s AND Classroom=%s AND Inclusive_Date=%s AND Inclusive_Time=%s ",
        GetSQLValueString($res_location, "text"),
        GetSQLValueString($res_classroom, "text"),
        GetSQLValueString($res_inclusive_date, "date"),
        GetSQLValueString($res_inclusive_time_start, "date"));
    $result = mysql_query($query) or die(mysql_error() . '<hr />' . $query);
    $num_rows = mysql_num_rows($result);
    if( $num_rows >= 1){
        // then the record already exists
        echo "Duplicate entry";
    }
    else{
        //insert query
    }
There is no need to worry about SQL injection because of the "GetSQLValueString" function.
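You can check the number of inserted rows:
    // mysql_num_rows() only works on SELECT results; after an INSERT,
    // mysql_affected_rows() reports how many rows were written.
    if (mysql_affected_rows() > 0) {
        // row is inserted
    }
Or you can run a SELECT query before inserting and check whether a row was returned.
Another option is to update the record if it is already inserted.
You need to run a query to check for the reservation before inserting the data into the database.
Maybe something like this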
    // This function helps you escape the data before you use them in database
    if (!function_exists("GetSQLValueString")) {
        function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
        {
            if (PHP_VERSION < 6) {
                $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
            }
            $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
            switch ($theType) {
                case "text":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "long":
                case "int":
                    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                    break;
                case "double":
                    $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                    break;
                case "date":
                    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                    break;
                case "defined":
                    $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                    break;
            }
            return $theValue;
        }
    }
    // Prep your data properly. GetSQLValueString() escapes the input and, for the
    // "text" and "date" types, also wraps it in single quotes, so the query below
    // must not add quotes of its own.
    // If some $_POST value is not set, then you can set a default one here.
    $res_location = GetSQLValueString(isset($_POST['res_location']) ? $_POST['res_location'] : 'set a default value here', 'text');
    $res_classroom = GetSQLValueString(isset($_POST['res_classroom']) ? $_POST['res_classroom'] : 'set a default value here', 'text');
    // Read the date from its own field (the original line read res_location here)
    $res_inclusive_date = GetSQLValueString(isset($_POST['res_inclusive_date']) ? $_POST['res_inclusive_date'] : 'set a default value here', 'date');
    $res_inclusive_time_start = GetSQLValueString(isset($_POST['res_inclusive_time_start']) ? $_POST['res_inclusive_time_start'] : 'set a default value here', 'text');
    // Build the query
    $query = "SELECT * FROM `tbl_reservation` WHERE `Location_Faculty` = {$res_location} AND `Classroom` = {$res_classroom} AND `Inclusive_Date` = {$res_inclusive_date} AND `Inclusive_Time` = {$res_inclusive_time_start} ";
    $result = mysql_query($query) or die(mysql_error() . '<hr />' . $query);
    if(mysql_num_rows($result) > 0){
        // then the record already exists
        echo "Duplicate entry";
    } else {
        // save to database
    }
Note that it is vulnerable to SQL injection, so you must escape the inputs, and try to use mysqli or PDO instead of the old mysql functions.
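An added example, not part of the original question or answers: the same duplicate check done with PDO prepared statements, with a UNIQUE constraint so the database itself rejects a double booking even when two requests pass a SELECT check at the same time. The table and column names come from the question; the in-memory SQLite DSN, the column types, the reserve() function and the sample values are assumptions made so the script runs offline.

```php
<?php
// Added example. In-memory SQLite is an assumption so this runs offline; for
// MySQL use a DSN such as 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The UNIQUE constraint closes the gap between "SELECT to check" and "INSERT".
$pdo->exec('CREATE TABLE tbl_reservation (
    Location_Faculty VARCHAR(64) NOT NULL,
    Classroom        VARCHAR(64) NOT NULL,
    Inclusive_Date   DATE        NOT NULL,
    Inclusive_Time   TIME        NOT NULL,
    UNIQUE (Location_Faculty, Classroom, Inclusive_Date, Inclusive_Time)
)');

/** Returns true if the slot was reserved, false if it was already taken. */
function reserve(PDO $pdo, array $post): bool
{
    $fields = ['res_location', 'res_classroom', 'res_inclusive_date', 'res_inclusive_time_start'];
    $values = [];
    foreach ($fields as $f) {
        // Read the submitted value itself; isset() alone only yields true/false.
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            throw new InvalidArgumentException("Missing field: $f");
        }
        $values[] = trim($post[$f]);
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO tbl_reservation
        (Location_Faculty, Classroom, Inclusive_Date, Inclusive_Time) VALUES (?, ?, ?, ?)');
    try {
        $stmt->execute($values);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate slot).
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input standing in for $_POST.
$post = ['res_location' => 'Main', 'res_classroom' => "O'Brien 101",
         'res_inclusive_date' => '2024-05-01', 'res_inclusive_time_start' => '09:00'];
var_dump(reserve($pdo, $post));  // first request for this slot
var_dump(reserve($pdo, $post));  // identical request hits the UNIQUE constraint
```

When reserve() returns false, show the "The Location, Date and Time were reserved already" message from the question.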