How to get Values and insert into mysql, and check if they posted before?
I want to find an easier route and to secure this code, or possibly a new, more secure way to do so.
if (isset($_GET['func']) && isset($_GET['sid'])) {
  if ($_GET['func'] == "subscore") {
     $check_rates_res = mysql_query("Select * FROM user_shoutbox_comment_rates WHERE Username='".$Call_User_Info->Username."' AND comment_id='".$_GET['sid']."'");
     $rate_checker = mysql_num_rows($check_rates_res);
     if ($rate_checker >= 1) {
        header("Location: index.php");
     }
     if ($rate_checker == 0) {
        $sql_query = "INSERT INTO user_shoutbox_comment_rates (Username, comment_id, comment_rate) VALUES ('".$Call_User_Info->Username."','{$_GET['sid']}','-1')";
        mysql_query($sql_query);
        header("Location: index.php");
     }
  }
}
@Gotactics, since you are sending the user to the same page (index.php) both times, why don't you do it the way below?
if (isset($_GET['func']) && isset($_GET['sid']))
{
  if ($_GET['func'] === "subscore")
  {
     $check_rates_res = mysql_query("SELECT * FROM user_shoutbox_comment_rates WHERE Username='".$Call_User_Info->Username."' AND comment_id='".$_GET['sid']."'");
     $rate_checker = mysql_num_rows($check_rates_res);
     if ($rate_checker == 0) {
        $sql_query = "INSERT INTO user_shoutbox_comment_rates (Username, comment_id, comment_rate) VALUES ('".$Call_User_Info->Username."','{$_GET['sid']}','-1')";
        mysql_query($sql_query);
     }
     header("Location: index.php");
  }
}
I did not update any of your queries; I just modified the code.
You can see here: INSERT ... ON DUPLICATE KEY UPDATE syntax
Edit:
First, create a unique key on the combination of the 2 columns.
ALTER TABLE user_shoutbox_comment_rates ADD UNIQUE (Username,comment_id);
Then you can use the query below:
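// (int) and mysql_real_escape_string() keep both values from altering the query
$stmt = "INSERT INTO user_shoutbox_comment_rates
SET Username='".mysql_real_escape_string($Call_User_Info->Username)."', comment_id=".(int)$_GET['sid'].", comment_rate=-1
ON DUPLICATE KEY UPDATE comment_rate=-1";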
Despite the SQL injection issue, you can combine both into this:
insert ignore into ...
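Added example, not part of the original thread: the unique key and INSERT IGNORE suggestions above combined with a prepared statement, so the duplicate check and the insert become one atomic, parameterized query. It assumes PDO; the function name recordDownvote and the in-memory SQLite table used for the offline demo are hypothetical.

```php
<?php
// Added example (not from the original thread). Assumes PDO; the unique key
// from the ALTER TABLE answer is what makes the duplicate check atomic.

function recordDownvote(PDO $pdo, string $username, $sid): bool
{
    // Validate the id: accept only a positive integer, reject everything else.
    $commentId = filter_var($sid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($commentId === false) {
        return false;
    }
    // MySQL spells it INSERT IGNORE; SQLite (used for the offline demo) INSERT OR IGNORE.
    $ignore = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME) === 'sqlite'
        ? 'INSERT OR IGNORE'
        : 'INSERT IGNORE';
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $pdo->prepare(
        "$ignore INTO user_shoutbox_comment_rates (Username, comment_id, comment_rate)
         VALUES (:username, :comment_id, -1)"
    );
    $stmt->execute([':username' => $username, ':comment_id' => $commentId]);
    // rowCount() is 1 for a new vote and 0 when the unique key rejected a repeat.
    return $stmt->rowCount() === 1;
}

// Offline demo with a constructed in-memory table; on MySQL use a mysql: DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_shoutbox_comment_rates (
    Username TEXT NOT NULL,
    comment_id INTEGER NOT NULL,
    comment_rate INTEGER NOT NULL,
    UNIQUE (Username, comment_id)
)');

var_dump(recordDownvote($pdo, 'alice', '42'));            // first vote
var_dump(recordDownvote($pdo, 'alice', '42'));            // repeat vote
var_dump(recordDownvote($pdo, 'alice', "42' OR '1'='1")); // constructed malformed sid
var_dump(recordDownvote($pdo, "o'brien", '42'));          // quote in the username
```

On MySQL, INSERT IGNORE also downgrades other errors such as data truncation to warnings, so keep the input validation in front of it.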