Carlos P Ceballos

Reputation: 422

saving mysql select in variable and using in if statement

I know this question has been indirectly explained, but I just can't seem to get it right. I'm building a mathematical tool for teachers to create exercises, etc. The database is populated by many individuals; my database has a table for each exercise, and the actual row for it is set unique. Given that a given exercise can have more than one answer, there is another table 'resolución' linking to a resolutions manual which is dynamically created in a later stage. My code so far is this:

<?php

// Connect as the MySQL root user with an empty password (as posted).
$continued = mysql_connect("localhost", "root", "");
if ($continued) {
    echo ("Connection succeeded");
} else {
    echo ("Connection failed");
}
mysql_select_db("Problemas Calculo 1");

// Look the exercise up by its text to decide whether it already exists.
// (Column name in backticks, not single quotes, so the column is selected
// rather than the literal string 'Id_ejercicio'.)
$provisional = null;
$provisional = mysql_query("SELECT `Id_ejercicio` FROM `Problemas Calculo 1`.`Ejercicios` WHERE `Ejercicios`.`ejercicio` = '$_POST[ejercicio]'");
if ($provisional === null) {
    // New exercise: insert it, then link a resolution row to the new id.
    $Ejer_result = mysql_query("INSERT INTO `Problemas Calculo 1`.`Ejercicios` (`Id_ejercicio`, `Tipo`, `Clase`, `Tema`, `Ejercicio`, `Dificultad`) VALUES (NULL, ".$_POST['tipo'].", ".$_POST['clase'].", ".$_POST['tema'].", '$_POST[ejercicio]', ".$_POST['dificultad'].")");
    if ($Ejer_result) {
        echo ("<br> succeed");
        $Ejer_resolucion = mysql_query("INSERT INTO `Problemas Calculo 1`.`Resolucion` (`id_resolucion`,`id_ejercicio`) VALUES (NULL, LAST_INSERT_ID())");
    } else {
        echo ("<br> fail");
    }
} else {
    // Existing exercise: only add a new resolution for it.
    echo ("Ejercicio ya existe; se creara nueva solucion");
    $Ejer_resolucion = mysql_query("INSERT INTO `Problemas Calculo 1`.`Resolucion` (`id_resolucion`,`id_ejercicio`) VALUES (NULL, '$provisional')");
    if ($Ejer_resolucion) {
        echo ("<br> succeed Resolucion");
    } else {
        echo ("<br> fail Resolucion");
    }
}

?>

I think that my problem is in setting the variable $provisional

Upvotes: 0

Views: 80

Answers (2)

Rob W

Reputation: 9142

I see a massive SQL injection vulnerability right off the bat. At the very least, you should be using mysqli_* functions and NOT mysql_* functions while sanitizing data. Best case would be to learn PDO.

Object-oriented PDO may be a learning curve, but well worth it.

Upvotes: 0

flaschenpost

Reputation: 2235

mysql_query returns a resultset identifier; you should not check it against NULL or false, but should count the number of rows via mysql_num_rows.

Also you should use mysqli_* functions since mysql_* is deprecated (at least folks here are repeating that over and over again). FALSE only comes on an error, not on an empty set.

Upvotes: 2
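Putting both answers together, here is an added example (not code from the question or from either answer) of the same select-or-insert flow written with PDO and prepared statements: the exercise text is bound as a parameter instead of being interpolated into the SQL (Rob W's point), and exceptions are enabled so that a failed query and an empty result set can never be confused (flaschenpost's point). The table and column names are taken from the question; the DSN and the 'app_user' credentials, the utf8mb4 charset, the integer type of Tipo, Clase, Tema and Dificultad, and InnoDB tables (needed for the transaction) are assumptions.

```php
<?php
// Added example, not the asker's code: the same select-or-insert flow
// written with PDO and prepared statements. Table and column names come
// from the question; the DSN, the 'app_user' credentials, InnoDB tables
// (needed for the transaction) and the integer type of Tipo, Clase, Tema
// and Dificultad are assumptions.
declare(strict_types=1);

$pdo = new PDO(
    'mysql:host=localhost;charset=utf8mb4',
    'app_user',      // assumed: a dedicated account, not root
    'app_password',  // assumed
    [
        // Every SQL error throws, so a failed query can never look like
        // an empty result (the confusion behind the original === null test).
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: values travel separately from the SQL.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

/** Reads a required POST field as an integer, rejecting anything else. */
function requireInt(array $in, string $key): int
{
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT);
    if ($v === false) {
        throw new InvalidArgumentException("$key must be an integer");
    }
    return $v;
}

/** Reads a required, non-empty POST field as a string. */
function requireText(array $in, string $key): string
{
    $v = $in[$key] ?? '';
    if (!is_string($v) || trim($v) === '') {
        throw new InvalidArgumentException("$key is required");
    }
    return trim($v);
}

/**
 * Returns the Id_ejercicio for the exercise text in $in, inserting the
 * exercise first when it does not exist yet. The text is bound as a
 * parameter, so quotes or SQL inside it reach the server as data only.
 */
function findOrCreateExercise(PDO $pdo, array $in): int
{
    $text = requireText($in, 'ejercicio');

    $sel = $pdo->prepare(
        'SELECT `Id_ejercicio` FROM `Problemas Calculo 1`.`Ejercicios`
          WHERE `Ejercicio` = :ejercicio'
    );
    $sel->execute([':ejercicio' => $text]);
    // fetchColumn() is false for an empty set; an error would have thrown.
    $id = $sel->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }

    $ins = $pdo->prepare(
        'INSERT INTO `Problemas Calculo 1`.`Ejercicios`
            (`Tipo`, `Clase`, `Tema`, `Ejercicio`, `Dificultad`)
         VALUES (:tipo, :clase, :tema, :ejercicio, :dificultad)'
    );
    $ins->bindValue(':tipo',       requireInt($in, 'tipo'),       PDO::PARAM_INT);
    $ins->bindValue(':clase',      requireInt($in, 'clase'),      PDO::PARAM_INT);
    $ins->bindValue(':tema',       requireInt($in, 'tema'),       PDO::PARAM_INT);
    $ins->bindValue(':ejercicio',  $text,                         PDO::PARAM_STR);
    $ins->bindValue(':dificultad', requireInt($in, 'dificultad'), PDO::PARAM_INT);
    $ins->execute();
    return (int) $pdo->lastInsertId();   // AUTO_INCREMENT Id_ejercicio
}

/** Links a new Resolucion row to the given exercise and returns its id. */
function addResolution(PDO $pdo, int $exerciseId): int
{
    $st = $pdo->prepare(
        'INSERT INTO `Problemas Calculo 1`.`Resolucion` (`id_ejercicio`)
         VALUES (:id)'
    );
    $st->bindValue(':id', $exerciseId, PDO::PARAM_INT);
    $st->execute();
    return (int) $pdo->lastInsertId();
}

try {
    // One transaction: afterwards either both rows exist or neither does.
    $pdo->beginTransaction();
    $exerciseId   = findOrCreateExercise($pdo, $_POST);
    $resolutionId = addResolution($pdo, $exerciseId);
    $pdo->commit();
    echo "Ejercicio $exerciseId, resolucion $resolutionId\n";
} catch (PDOException | InvalidArgumentException $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log($e->getMessage());   // detail goes to the log, not the client
    http_response_code($e instanceof PDOException ? 500 : 400);
    echo "fail\n";
}
```

Under PDO, the "empty set versus error" check from flaschenpost's answer becomes the `false` return of `fetchColumn()` (no row) versus a thrown `PDOException` (error), which is why `ERRMODE_EXCEPTION` is set explicitly even though it is the default in PHP 8. Because the question says the exercise row is unique, two teachers posting the same exercise at the same time end in a duplicate-key `PDOException` for the loser of the race rather than a duplicate exercise.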
