CODEWITHSUNDEEP
phpmysql
meandme
meandme

Reputation: 2477

Else and If mysql and php error

I wanted to return a not available when the some data is not present but i think something is wrong in my code

$id=$_GET["id"];
$sql="SELECT * FROM book WHERE id = '".$id."' AND type = 'new'";
if(!empty($sql))
{
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result); 
    echo utf8_encode($row['bookreview']);
}
else
{
    echo "<div style='text-align: center; background-color: rgb(255, 255,255);'><font style='color: rgb(204, 0, 0);' size='+3'><span style='font-weight: bold;'>review not not available.</span></font><br>";
}

If review is available it return the review while if not available the " review not available" does not echo.

Upvotes: 0

Views: 118

Answers (4)

SERPRO
SERPRO

Reputation: 10067

$sql is never going to be empty.. because is an string that you just set. You might want to do:

$id=$_GET["id"];
$sql="SELECT * FROM book WHERE id = '".intval($id)."' AND type = 'new'";
$result = mysql_query($sql);
if(!empty($result) and mysql_num_rows($result) > 0)
{
    $row = mysql_fetch_assoc($result); 
    echo utf8_encode($row['bookreview']);
}
else
{
    echo "<div style='text-align: center; background-color: rgb(255, 255,255);'><font style='color: rgb(204, 0, 0);' size='+3'><span style='font-weight: bold;'>review not not available.</span></font><br>";
}

Upvotes: 0

Jeremy Harris
Jeremy Harris

Reputation: 24549

The $sql variable contains a string which is assigned prior to checking if it is empty. It will never be empty in this case.

Maybe what you are trying to do is check the number of results returned from the query? In order for that to happen, you have to run the query first. Here is a quick (off the top of my head) example with mysqli:

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");

$id = $_GET["id"];
$sql = "SELECT * FROM book WHERE id = '".$id."' AND type = 'new'";

// Run query
if ( $result = $mysqli->query($sql) )
{
   // We got results
   var_dump($result);
   $result->close();
}
else
{
   // No results
   echo("Oops. Nothing here.");
}

To avoid SQL injection, I recommend learning about PDO and how to write prepared statements.

Upvotes: 2

hsz
hsz

Reputation: 152206

$id  = (int) $_GET['id']; // important !
$sql = 'SELECT * FROM book WHERE id = ' . $id. ' AND type = "new"';
$result = mysql_query($sql);

if(mysql_num_rows($result) > 0) {
    $row = mysql_fetch_assoc($result); 
    echo utf8_encode($row['bookreview']);
} else {
    echo "<div style='text-align: center; background-color: rgb(255, 255,255);'><font style='color: rgb(204, 0, 0);' size='+3'><span style='font-weight: bold;'>review not not available.</span></font><br>";
}

It's important tu cast GET parameters to specified type (int here) to avoid SQL Injection !

With mysql_num_rows you can check how many rows were returned with your query. You have to do a query to check it. Checking if $sql variable is empty is useless because it is just string that is always 'full' - it containst your query statement.

Upvotes: 2

Rok Kralj
Rok Kralj

Reputation: 48725

You are actually checking if string is empty, not the result set, see it?

!empty("any string")

will always return true.

Upvotes: 0

Related Questions