My code doesn't work: checking if a subject name exists using PHP prepared statements (SQL injection):
code:
<?php
if ($_GET["action"] == "post") {
    $servername = "localhost";
    $username = "my db";
    $password = "my pass";
    $dbname = "my db";

    // create connection
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $conn = new mysqli($servername, $username, $password, $dbname);

    // check connection
    if ($conn->connect_error) {
        die("connection failed: " . $conn->connect_error);
    }

    // look up the submitted subject name with a bound parameter
    $checksubject = $conn->prepare("SELECT * FROM indexdata WHERE subjectname = ?");
    $checksubject->bind_param('s', $_POST['filename']);
    $checksubject->execute();
    $checksubject->store_result();
    $countsubject = $checksubject->num_rows;

    // create or edit files
    if (strlen($_POST['filename']) <= 30 && strlen($_POST['filename']) >= 8
        && strlen($_POST['comment']) >= 100 && strlen($_POST['comment']) <= 5000
        && strlen($_POST['description']) >= 50 && strlen($_POST['description']) <= 500
        && strlen($_POST['usersname']) >= 10 && strlen($_POST['usersname']) <= 20) {
        if ($countsubject > 0) {
            $echotxt = "<pre>subject has been posted! link: <a href=\"code-blog-index-posts.php?subjectname=" . $_POST['filename'] . "\" target=\"_blank\">click me</a></pre> <br>";
            require("createdataposts.php");
        } else {
            $echotxt = die("<pre>[error]subject exist!</pre>");
        }
    } else {
        echo "<pre><span class=\"error\">subject must be greater than 8, less than 30 characters</span></pre>";
        echo "<pre><span class=\"error\">post must be greater than 100, less than 5000 characters</span></pre>";
        echo "<pre><span class=\"error\">description must be greater than 50, less than 500 characters</span></pre>";
        die();
    }
    echo $echotxt;
    echo "<a name=\"postresult\"></a>";
    $checksubject->close();   // close the statement, not the integer row count
    $conn->close();
}
?>
It returns 0.
I don't know why; I hope you can solve it, guys! Thanks!
First, check whether there is a field with the same name. The query needs to return 0 or 1.
# if the value is 0 / the field was not found, the subject does not exist
if ($countsubject == 0) {
    # the query needs to return 0 to post a new subject; if the returned value is above 0, it exists
    $echotxt = "<pre>subject has been posted! link: <a href=\"code-blog-index-posts.php?subjectname=" . $_POST['filename'] . "\" target=\"_blank\">click me</a></pre> <br>";
    require("createdataposts.php");
} else {
    $echotxt = die("<pre>[error]subject exist!</pre>");
}
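The same existence check and the corrected branch, written as a self-contained example (added here, not the poster's or answerer's code). It assumes a table `indexdata` whose `subjectname` column carries a UNIQUE index and a mysqli connection opened with exception reporting, and it replaces the `createdataposts.php` include with a plain INSERT so the duplicate-key case can be shown.

```php
<?php
// Added example, not the poster's code. Assumes a table `indexdata` whose
// `subjectname` column carries a UNIQUE index, and a mysqli handle opened with
// MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT so failures become exceptions.

/** True when a row with this subject name already exists (0 rows = free). */
function subjectExists(mysqli $conn, string $subjectName): bool
{
    // The name is bound as a parameter, so it never becomes part of the SQL text.
    $stmt = $conn->prepare("SELECT 1 FROM indexdata WHERE subjectname = ? LIMIT 1");
    $stmt->bind_param('s', $subjectName);
    $stmt->execute();
    $stmt->store_result();             // needed before num_rows is populated
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

/**
 * Inserts the subject only if the name is free and returns the HTML to show.
 * The check and the INSERT are two statements, so a concurrent request can
 * still slip a duplicate in between; the UNIQUE index closes that window and
 * reports it as MySQL error 1062 (ER_DUP_ENTRY), handled below.
 */
function createSubject(mysqli $conn, string $subjectName): string
{
    $len = mb_strlen($subjectName);
    if ($len < 8 || $len > 30) {
        return '<pre><span class="error">subject must be between 8 and 30 characters</span></pre>';
    }
    if (subjectExists($conn, $subjectName)) {
        return '<pre>[error] subject exists!</pre>';
    }
    try {
        $stmt = $conn->prepare("INSERT INTO indexdata (subjectname) VALUES (?)");
        $stmt->bind_param('s', $subjectName);
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) {      // lost the race: someone inserted it first
            return '<pre>[error] subject exists!</pre>';
        }
        throw $e;
    }
    // Escape for the URL and for HTML separately; the original echoed the raw input.
    $url = 'code-blog-index-posts.php?subjectname=' . urlencode($subjectName);
    return '<pre>subject has been posted! link: <a href="' . htmlspecialchars($url, ENT_QUOTES)
        . '" target="_blank">click me</a></pre>';
}
```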