Programming Forums - View Single Post

tAK · Apr 25th, 2007, 11:21 PM

The best way to do it, is to check if the data already exists!

[PHP]<?php
if (isset($_POST['data']))
{
$data = $_POST['data'];
$mysql = mysql_query("SELECT * FROM table WHERE data='$data'");
if (mysql_fetch_numrows($mysql) >= 1)
{
// do some more if checks here to see if the data belongs to this user
// for editing or whatever else is needed to make it 100% verified
echo 'Data already exists';
} Else {
//do whatever needs doing to update the data.
}
}
?>[/PHP]

i have found that having 1 php page to create the form, and another page to handle the forms data works well.. usually along the lines of:
input.php <- contains code for the form
input_handler.php <- contains code to handle the form

also, the reason i set $data = $_POST['data'], is because i have a custom function that escapes all the information, prevents people from including their own PHP / SQL code in your input box and doing all sorts of nasty stuff

Apr 25th, 2007, 11:21 PM	#14
tAK Programmer Join Date: Mar 2007 Posts: 33 Rep Power: 0	The best way to do it, is to check if the data already exists! [PHP]<?php if (isset($_POST['data'])) { $data = $_POST['data']; $mysql = mysql_query("SELECT * FROM table WHERE data='$data'"); if (mysql_fetch_numrows($mysql) >= 1) { // do some more if checks here to see if the data belongs to this user // for editing or whatever else is needed to make it 100% verified echo 'Data already exists'; } Else { //do whatever needs doing to update the data. } } ?>[/PHP] i have found that having 1 php page to create the form, and another page to handle the forms data works well.. usually along the lines of: input.php <- contains code for the form input_handler.php <- contains code to handle the form also, the reason i set $data = $_POST['data'], is because i have a custom function that escapes all the information, prevents people from including their own PHP / SQL code in your input box and doing all sorts of nasty stuff