0

hope everything is going fine with you all. I am facing a challenge and after reading and searching a lot I dicided to call the gods.

I have a table named "tclinte" in my db with these Names:

|CliNIF | CliNome | CliNumProc | CliNIC | CliOrigem | CliGestor | CliContactoGC|

CliNIF(primary key) and CliNome (are unic/cant be repeated, the rest doenst matter)

So, I want to check if when inserting data to this table the new CliNIF or new CliNome or both are already in the table, something like:

if (CliNIF and CliNome exists) { update all fields except them}    
else if (CliNIF and CliNome don't exist) { create all fields}    
else if (CliNIF exists and CliNome not exists) { update fields except CliNIF}    
else { update fields except CliNome}

----------------I have this, but it only checks if CliNIF exists, tryed to aply the EXACT same to CliName but I receive an error "mysql_fetch_array() expecting resource boolean given" even when it should work-------

N.º1 check if nif exists- works fine) N.º2 - check if name exists - gives error)

$queryTCliente1 = "SELECT * FROM TCliente WHERE CliNIF =".$_POST['CliNIF'];
                $searchTCliente1 = mysql_query($queryTCliente1);
                $resultTCliente1 = mysql_fetch_array($searchTCliente1);
                if (empty($resultTCliente1)){ 
                    //PREENCHIMENTO TABELA CLIENTE
                    $insertTable= mysql_query("insert into TCliente (CliNIF, CliNome, CliNumProc, CliNIC, CliOrigem, CliGestor, CliContactoGC) 
                    values ( '".$_POST['CliNIF']."', '".$_POST['CliNome']."','".$_POST['CliNumProc']."', '".$_POST['CliNIC']."', 
                    '".$_POST['CliOrigem']."', '".$_POST['CliGestor']."', '".$_POST['CliContactoGC']."');");
                }      

$queryTCliente2 = "SELECT * FROM TCliente WHERE CliNome =".$_POST['CliNome'];
                $searchTCliente2 = mysql_query($queryTCliente2);
                $resultTCliente2 = mysql_fetch_array($searchTCliente2);
                if (empty($resultTCliente2)){ 
                    //PREENCHIMENTO TABELA CLIENTE
                    $insertTable= mysql_query("insert into TCliente (CliNIF, CliNome, CliNumProc, CliNIC, CliOrigem, CliGestor, CliContactoGC) 
                    values ( '".$_POST['CliNIF']."', '".$_POST['CliNome']."','".$_POST['CliNumProc']."', '".$_POST['CliNIC']."', 
                    '".$_POST['CliOrigem']."', '".$_POST['CliGestor']."', '".$_POST['CliContactoGC']."');");
                }
CJay
  • 5
  • 1
  • 1
    Lovely [SQL injection attack](http://bobby-tables.com) vulenrabilities. Sit back and relax - your server will be pwn3d soon and your problem here will become moot. – Marc B Dec 02 '14 at 16:56
  • ...thats obvious to say but this is not finished yet, i am aware of sql injection and ofcourse it will be protected... i am worried with it working first. Why protect something that is not working?? Captain obvious... – CJay Dec 02 '14 at 17:01
  • captain obvious would also say that if you don't build something right in the first place, you'll probably never around to improving it later. it takes next-to-no time to write a secure query from the get-go. – Marc B Dec 02 '14 at 17:06
  • I apreciate any kind of criticism because it can help to do better things. But, what stress me up is ppl like you doesn't trying to help in what is being asked... – CJay Dec 02 '14 at 17:38
  • Then as a general tip: If you get an error message: TELL US WHAT IT IS. – Marc B Dec 02 '14 at 17:52
  • Its written there budy: "...Tryed to aply the EXACT same to CliName but I receive an error mysql_fetch_array() expecting resource boolean given..." – CJay Dec 02 '14 at 17:56

1 Answers1

0

instead of this

 "SELECT * FROM TCliente WHERE CliNome =".$_POST['CliNome'];

Please try this. Hope this will resolve your error

 "SELECT * FROM TCliente WHERE CliNome ='".$_POST['CliNome']."'";
Vinay Sharma
  • 285
  • 3
  • 15