ZYWIEC ZYWIEC - 6 months ago 9
MySQL Question

Preventing data from being added to the database

I'm trying to build a directory where you can add yourself by entering an SMS code. After the code is entered, the script checks whether the code exists in the database, then removes that code from the DB and adds the data from the form. Now I have a problem because I don't know how to prevent data from being added to the database when the given code is incorrect.
At the moment it looks like this:

    if ($sum != $val1+$val2) { //simple captcha
        echo '<div id="message_position_capreg"><p class="error_form"><font color="red">Incorrect. Try again</font></p></div>';
    }
    else {
        if ($_POST['code']){
            $code=$_POST['code'];

            global $wpdb;
            $sql = $wpdb->prepare("SELECT id FROM code_sms WHERE code = %s", $cd);
            $check_code = $wpdb->get_results($sql);

            if ($check_code>0) {

                $wpdb->delete( 'code_sms', array( 'code' => $code ) );

                if ( isset( $_POST["submit_formm"] ) && $_POST["company_nip"] && $_POST["company_name"] != "" ){
                    $company_nip = strip_tags($_POST["company_nip"], "");
                    $company_name = strip_tags($_POST["company_name"], "");
                    $result = $wpdb->insert(
                        'test',
                        array(
                            'company_nip' => $company_nip, 'company_name' => $company_name)
                    );

                    if (!$result) {
                        echo '<div>
                        ERROR</div>';
                    }
                    else {
                        echo '<div>
                        Succes</div>';
                    }
                }
            }
        }
    }


EDIT:
I edited my code like you said, but it still somehow adds the data from the form to the DB (of course when the given code is incorrect).

Answer

You're basically checking "if sms_code exists in the database", then "remove code; insert form data."

However, you're closing your if statement before adding the form data. Move the } that closes your if statement as shown below. That way, if the sms_code is incorrect, you do not process the form-data if statement and the insert.

Also, your $check_code variable is not the number of rows but a result set. This result set will only be FALSE if the query resulted in an error. See the documentation for get_result here: mysqli_stmt_get_result

Returns a resultset for successful SELECT queries, or FALSE for other DML queries or on failure. The mysqli_errno() function can be used to distinguish between the two types of failure.

You need to get the number of rows from the result and test against that in the if statement. The code below has been updated.

    if ($sum != $val1+$val2) {   //simple captcha
        echo '<div id="message_position_capreg"><p class="error_form"><font color="red">Incorrect. Try again</font></p></div>';
    }
    else {
        // empty() also covers the case where the field was not submitted at all
        if (!empty($_POST['code'])){
            $code = $_POST['code'];

            global $wpdb;
            // bind the variable actually holding the code ($cd was never defined)
            $sql = $wpdb->prepare("SELECT id FROM code_sms WHERE code = %s", $code);

            $result = $wpdb->get_results($sql);

            /* Get the number of rows: get_results() returns a plain array, not a
               mysqli result object, so read the count wpdb records after the query */
            $num_of_rows = $wpdb->num_rows;

            if ($num_of_rows > 0)  {

                // valid code: consume it, then handle the form INSIDE this block
                $wpdb->delete( 'code_sms', array( 'code' => $code ) );

                if ( isset( $_POST["submit_formm"] ) && $_POST["company_nip"] && $_POST["company_name"] != "" ){
                    $company_nip = strip_tags($_POST["company_nip"], "");
                    $company_name = strip_tags($_POST["company_name"], "");
                    $result = $wpdb->insert(
                        'test',
                        array(
                            'company_nip' => $company_nip, 'company_name' => $company_name)
                    );

                    if (!$result) {
                        echo '<div>
                        ERROR</div>';
                    }
                    else {
                        echo '<div>
                        Succes</div>';
                    }
                }
            }   // end: valid code
        }       // end: code was posted
    }           // end: captcha passed
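The answer's "SELECT, then DELETE, then INSERT" sequence still has a gap a practitioner should close: two requests submitting the same code at the same moment can both pass the SELECT before either DELETE runs, and a valid code is consumed even when the form data turns out to be invalid or the INSERT fails. The function below is an added example (not the asker's or the answerer's code) that validates the form first, uses the affected-row count of the DELETE itself as the atomic "was this code valid?" check, and wraps the DELETE and INSERT in one transaction so a failed insert gives the code back. It assumes WordPress is loaded (so $wpdb, $wpdb->prepare, sanitize_text_field and esc_html exist), the tables code_sms and test from the question with their columns, and InnoDB tables (transactions are a no-op on MyISAM). The function name example_register_with_sms_code is an assumption.

```php
<?php
/**
 * Added example: consume a one-time SMS code and, only if that succeeds,
 * store the form data. Returns array('status' => ..., 'message' => ...).
 * Assumes WordPress is loaded and the tables `code_sms` (column `code`) and
 * `test` (columns `company_nip`, `company_name`) from the question exist.
 */
function example_register_with_sms_code( array $post ) {
    global $wpdb;

    // 1. Validate the form BEFORE touching the database, so a submission with
    //    missing company data cannot burn a valid code.
    $code         = isset( $post['code'] )         ? trim( (string) $post['code'] )          : '';
    $company_nip  = isset( $post['company_nip'] )  ? sanitize_text_field( $post['company_nip'] )  : '';
    $company_name = isset( $post['company_name'] ) ? sanitize_text_field( $post['company_name'] ) : '';

    if ( '' === $code || '' === $company_nip || '' === $company_name ) {
        return array( 'status' => 'error', 'message' => 'Missing code or company data.' );
    }

    // 2. Start a transaction so the code is only consumed if the insert succeeds.
    $wpdb->query( 'START TRANSACTION' );

    // 3. Consume the code atomically: the DELETE itself is the existence check.
    //    $wpdb->delete() returns the number of rows removed (or false on error).
    //    Two concurrent requests with the same code cannot both see 1 here, so a
    //    code cannot be used twice; no separate SELECT is needed.
    $deleted = $wpdb->delete( 'code_sms', array( 'code' => $code ), array( '%s' ) );

    if ( false === $deleted ) {
        $wpdb->query( 'ROLLBACK' );
        return array( 'status' => 'error', 'message' => 'Database error while checking the code.' );
    }
    if ( 0 === $deleted ) {
        // Unknown or already-used code: nothing is inserted.
        $wpdb->query( 'ROLLBACK' );
        return array( 'status' => 'invalid_code', 'message' => 'Incorrect code.' );
    }

    // 4. Only now store the form data. $wpdb->insert() escapes the values
    //    itself; the explicit '%s' formats keep both columns as strings.
    $inserted = $wpdb->insert(
        'test',
        array( 'company_nip' => $company_nip, 'company_name' => $company_name ),
        array( '%s', '%s' )
    );

    if ( false === $inserted ) {
        // Give the code back rather than leaving the user with no code and no row.
        $wpdb->query( 'ROLLBACK' );
        return array( 'status' => 'error', 'message' => 'Could not save company data.' );
    }

    $wpdb->query( 'COMMIT' );
    return array( 'status' => 'ok', 'message' => 'Success' );
}

// Usage, after the captcha check has already passed (assumed call site):
//   $outcome = example_register_with_sms_code( $_POST );
//   echo '<div>' . esc_html( $outcome['message'] ) . '</div>';
```

Note that the message is passed through esc_html() before being echoed; the original code echoes fixed strings, but as soon as any user-controlled value (a company name, the code itself) is reflected into the page it needs output escaping, regardless of the strip_tags() applied on the way in.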