Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/281.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 检查MySQL中是否已经存在该数据_Php_Mysql_Post - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 检查MySQL中是否已经存在该数据

Php 检查MySQL中是否已经存在该数据

php mysql post

Php 检查MySQL中是否已经存在该数据,php,mysql,post,Php,Mysql,Post,我正在检查数据状况。如果数据已经存在,则不会插入。否则它将被插入。但问题是数据仍然被插入,尽管它已经存在 <?php if($_SERVER['REQUEST_METHOD']=='POST'){ //Getting values $project = strtoupper($_POST['project']); if($project != null) { //Importing our

我正在检查数据状况。如果数据已经存在,则不会插入。否则它将被插入。但问题是数据仍然被插入,尽管它已经存在

<?php 
    if($_SERVER['REQUEST_METHOD']=='POST'){

        //Getting values
        $project = strtoupper($_POST['project']);
        if($project != null)
        {
            //Importing our db connection script
            require_once('dbConnect.php');
            $sql="SELECT * FROM Project WHERE project='$project'";
            $check=mysqli_fetch_array(mysqli_query($con,sql));
            if(isset($check))
            {
                // no need insert
            }
            else{
                //Creating an sql query
        $sql = "INSERT INTO Project(project) VALUES ('$project')";
            }
        //Executing query to database
        if(mysqli_query($con,$sql)){
            echo ' Added Successfully';
        }else{
            echo 'Could Not Add Project';
        }
        }
        else
        {
        echo "data is null";
        }
        //Closing the database 
        mysqli_close($con);
    }
?>
sql的执行应该放在“需要插入”else{}中。

更正这一行
$check=mysqli_fetch_数组(mysqli_query($con,sql)),您在
sql
之前错过了
$
。这就是为什么条件评估为错误
 您的代码中存在多个问题。我先回答你的问题
$check
将永远不会被设置,因为您的查询没有被执行。
$sql
中缺少
$
。此外,在查询中使用用户输入之前,始终需要清理/转义用户输入。如果您没有对其进行清理,那么黑客可能会将不需要的代码注入到您的查询中,做一些您不想做的事情。请参阅下面更新和优化的代码:


<?php 
if($_SERVER['REQUEST_METHOD']=='POST'){
    //Getting values
    if(isset($_POST['project']) && !empty($_POST['project'])){
        //Importing our db connection script
        require_once('dbConnect.php');
        $project = strtoupper($_POST['project']);
        //Security: input must be sanitized to prevent sql injection
        $sanitized_project = mysqli_real_escape_string($con, $project);
        $sql = 'SELECT * FROM Project WHERE project=' . $sanitized_project . ' LIMIT 1';// LIMIT 1 prevents sql from grabbing unneeded records
        $result = mysqli_query($con, $sql);
        if(mysqli_num_rows($result) > 0){
            // a match was found
            // no need insert
        }
        else{
            //Creating an sql query
            $sql = "INSERT INTO Project(project) VALUES ('$sanitized_project')";
            //Executing query to database
            if(mysqli_query($con,$sql)){
            echo('Added Successfully');
        }
        else{
            echo('Could Not Add Project');
        }
    }
    else{
        echo('data is null');
    }
    //Closing the database 
    mysqli_close($con);
}
?>



我在
$check=mysqli\u fetch\u数组(mysqli\u query($con,sql))中遗漏了
$
虽然我刚刚指出了初步错误,但这个答案也考虑了其他增强功能+1.