if(isset($_POST['save']))
{
$query = mysql_query("SELECT*FROM user WHERE user_name");
if (mysql_num_rows($query)>1)
{
echo 'User name have table';
}
else {
mysql_query("INSERT INTO `user` ( `user_id`,`user_name`,`password`,`fullname`,`email`,`area`,`region`,`type`,`grade`,`expences`,`join_date`,`leave_date`,`comp_id`,`status`,`permission` ,`department`,`address`,`contact_no`,`distric` ) VALUES ('', '".$_POST['user_name']."', md5('".$_POST ['password']."'),'".$_POST['fullname']."','".$_POST['email']."','".$_POST['area']."','".$_POST['region']."','".$_POST['type']."','".$_POST['grade']."','".$_POST['expences']."','".$_POST['join_date']."','".$_POST['leave_date']."','".$_POST['comp_id']."','".$_POST['status']."','".$_POST['permission']."','".$_POST['department']."','".$_POST['address']."','".$_POST['contact_no']."','".$_POST['distric']."')") ;
echo "<META http-equiv='refresh' content='0;URL=index.php?show=user'>";
exit;
}
}
else
{
$msg = ' ';
}
Just to start with, this line is not complete. You would need something like this (note: I converted it to PDO, which is safer but requires you to change your connection):
$stmt = $pdo->prepare('SELECT user_name FROM user WHERE user_name = :name');
$stmt->execute(array('name' => $_POST['user_name']));
if ($stmt->rowCount() > 1) {
echo 'User name have table';
} else {
// you'll need to do something similar for your insert statement....
}
by doing a SELECT first, before the INSERT, without locking the two statements with a transaction, you leave yourself open to a race condition
if you want a simple solution, forget the SELECT and use the ON DUPLICATE KEY option of the INSERT statement
3 Likes
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.