php logic with mysql_fetch_array

[akaballa123]

Hi I am requesting some variables from a form into a server side script using ajax. I applied some logic into the server side script. However, when I added the logic, my form db does not get updated. Anywyz...my problem seems to be within the serverside php code of things, I have been toiling very hard to figure out this problem but havent found it. However, I am positive that it might have something to do with the mysql_fetch_array().

Please help!

<?php
//this page is used to updated the courses table with the current security id
include("mysqlConnection.php");

$secid = $_GET['secid'];
$name = $_POST['Name'];
//$otherOrg = $_GET['otherOrg']

$insert = "INSERT INTO courses
           (securityId)
            VALUES('$secid')";

$courses = @mysql_query('SELECT * FROM courses', $con);
//$organizations = @mysql_query('SELECT * FROM organizations', $con);
$counter = false;
while($rand = @mysql_fetch_array($courses))
{
    if(($rand['securityId'] == $secid) || ($rand['courseName'] == $name))
	{
		   $counter = true;
		   break;
    }
}

if($counter != true)
{
  mysql_query($insert, $con);
  echo 'success';
  echo $_GET['secid'];
}

include("mysqlConnClose.php")
?>

 

[lgarner]

Try removing the '@' symbols and see if any errors are thrown.

 

[jet042]

The first thing that screams at me is that you don't clean your inputs before running a query against your database. Make sure to always, always, always run any user input through a cleaning function (in this case, it's mysql_real_escape_string()) before allowing it to touch a query. That's probably not related to this problem, but it can cause a lot bigger ones later.

I'd suggest you add some error checking echoes to see where this is failing or at least remove the error suppressor (@) before your mysql calls. I don't see where you create the connection to the database on this page, so I imagine that you're getting an error about the connection not being available or $con not being defined that is not being shown.

 

[jpadie]

a few observations:

1. i assume that the include is in the global scope and thus $conn is available? if not then remove the reference to $conn and let php and the mysql library sort out the connection implicitly.

2. i do not understand why you are iterating the entire recordset rather than using a where clause in your sql statement. why are you not doing this

$_secID = mysql_real_escape_string($secID);
$_name = mysql_real_escape_string($name);
$courses = mysql_query("SELECT * FROM courses where securityID='$_secID' OR courseName='$_name');

or if you are just trying to see whether more than zero exists then select count (*)

or alternatively if your columns are unique keys then you could use the mysql REPLACE syntax. or you could use the INSERT IGNORE syntax.

as mentioned by the other posters do NOT use the @ error suppressor in dev code. in fact don't use it at all, handle your errors properly and gracefully instead.

 

[akaballa123]

hey Thanks guys! I have found my problem. I assigned a POST to the variable $name. I was supposed to assign a GET request. Sorry for wasting your time, but I highly appreciate all of your insights. I will definitely, use them for my codes. Thank you!