Home/ Questions/Q 8581281
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T21:00:37+00:00

I’ve been trying to figure out how to insert data received from a form

  • 0

I’ve been trying to figure out how to insert data received from a form into one table only if the received data exists in another table. If the data doesn’t exist it moves onto another query and checks another table for the received data.

This is what I’m trying to do:

function addNewUser($username, $password, $email, $actcode){
    $time = time();

    $q = "UPDATE ".TBL_RELEASE_CODES." SET code = '$actcode' WHERE code = '$actcode'";
    $result = mysql_query($q, $this->connection);
    if (!$result || (mysql_numrows($result)) == 0){
        $q = "INSERT INTO ".TBL_RELEASE_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', '$actcode', $time)";
        return mysql_query($q, $this->connection);
    }

The purpose of this is that when the user submits a special code the system will run checks to see if the code belongs to a certain table.

If it finds the submitted code in a table it will run the insert query associated with the check, if not then it breaks and returns an error saying no match was found.

I’m probably using the code incorrectly as I’ve been scrounging information from Google searches and testing them out. With no luck yet.

This code is being run off a website using PHP 5 and MySQL.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The first query doesn’t do anything — it sets code to $actcode only in the rows where code is already $actcode. You should use a SELECT, not UPDATE:

    $q = "SELECT COUNT(*) FROM ".TBL_RELEASE_CODES." WHERE code = ?";
$stmt = mysqli_prepare($this->connection, $q);
mysqli_stmt_bind_param($stmt, 's', $actcode);
mysqli_stmt_bind_result($stmt, $count);
mysqli_execute($stmt) or die "Query failed: ".mysqli_stmt_error($stmt);
mysqli_stmt_fetch($stmt);
if ($count == 1) {
  // Insert into TBL_RELEASE_USERS
} else {
  // Return error saying no match found
}

    You should also not use the mysql_XXX functions. They’re deprecated and make it hard to avoid SQL-injection attacks. My code above uses mysqli_XXX, which supports prepared statements to protect against that. It also has an OO-style API if you like, but I didn’t use that above.

    • 0