why is my sql doesn't work in checking row exist

Question

Here's my data structure of each table:

I have a problem that I need help with. I have a table student_votes and student. My problem is the second condition which is the checking the student if he/she already voted. Because when I run my codes it always go to the plsvote.php even when it's not supposed to.

student_votes table has:

(id(pri),candid(foreign),idno(foreign),syearid(foreign))

Here's my code:

<?php
//Start session
session_start();
//Array to store validation errors
//Connect to mysql server
include('connect.php');
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
if (isset($_POST['login'])){
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position =  mysql_real_escape_string($_POST['user_type']);
    $YearNow=Date('Y');
 //checking student idno and password
    $sql1 = "SELECT * FROM student,school_year WHERE idno = '$idno' AND password = '$password' AND school_year.syearid = student.syearid AND school_year.from_year like $YearNow" ;
    $result = mysql_query($sql1) or die();
    $row = mysql_fetch_array($result);
    $num_row = mysql_num_rows($result);
 //checking if the student has been voted
    $sql2 = "SELECT * FROM student,studentvotes WHERE student.idno = studentvotes.idno AND syearid = $YearNow" ;
    $result1 = mysql_query($sql2) or die();
    $row1 = mysql_fetch_array($result1);
    $num_row = mysql_num_rows($result1);
    if ($row['user_type'] == "1"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/index.php');
    } else if ($row['user_type'] == "3") {
//here is the part where I would check if the student already voted or not
        if ($num_row > 0) {
            $sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password='$password' ";
            $result1 = mysql_query($sql_c) or die(mysql_error());
            while($row2=mysql_fetch_array($result1)){
                $_SESSION['SESS_COURSE'] = $row2['progid'];   
                $_SESSION['SESS_MEMBER_ID'] = $idno;
                header('location: plsvote.php');
                //$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
            }
        } else {
            header('location: notification.php');
        }
    } else if ($row['user_type'] == "2"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/officerpanel.php');
        //$_SESSION['admin'] = $idno;
    } else {
        echo "<script type='text/javascript'>\n";
        echo "alert('Username or Password incorrect!, Please try again.');\n";
        echo "window.location = 'index.php';";
        echo "</script>";
        exit();
    }
}
?>

because your second query is just selecting all the rows from your table.. you need to make it only select the row from the given user and only IF the user has voted. you didn't post your table structure so can't help.. — I wrestled a bear once., Jan 05 '16 at 01:02
Please dont use the `mysql_` database extensions, it is deprecated (gone for ever in PHP7) Especially if you are just learning PHP, spend your energies learning the `PDO` or `mysqli_` database extensions, [and here is some help to decide which to use](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) — RiggsFolly, Jan 05 '16 at 01:03
I would start with proper indentation of your code. Find and read some well know coding style used for PHP and stick to it. Your code is very badly readable. — David Ferenczy Rogožan, Jan 05 '16 at 01:11
I dont see and code like `if ($row3 >0) {` have you moved on to code you have not shown us, or was that a typo? — RiggsFolly, Jan 05 '16 at 09:02

RiggsFolly · Answer 1 · 2016-01-05T09:06:19.940

Your $sql2 query is selecting all students that have voted in the year specified.

All you need to do is limit the rows returned in that query to the votes made by the student identified by $idno i.e. this student.

<?php
//Start session
session_start();
//Array to store validation errors
//Connect to mysql server
include('connect.php');
//Function to sanitize values received from the form. Prevents SQL injection
//Sanitize the POST values
if (isset($_POST['login'])){
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position =  mysql_real_escape_string($_POST['user_type']);
    $YearNow=Date('Y');

    $sql1 = "SELECT * 
             FROM student,school_year 
             WHERE idno = '$idno' 
               AND password = '$password' 
               AND school_year.syearid = student.syearid 
               AND school_year.from_year like $YearNow";

    $result = mysql_query($sql1) or die();
    $row = mysql_fetch_array($result);
    $num_row = mysql_num_rows($result);


    $sql2 = "SELECT * 
             FROM student,studentvotes 
             WHERE student.idno = studentvotes.idno 
               AND syearid = $YearNow
               AND student.idno = $idno";


    $result1 = mysql_query($sql2) or die();
    $row1 = mysql_fetch_array($result1);
    $num_row = mysql_num_rows($result1);
    if ($row['user_type'] == "1"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/index.php');
    } else if ($row['user_type'] == "3") {
        if ($num_row > 0) {
            $sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password='$password' ";
            $result1 = mysql_query($sql_c) or die(mysql_error());
            while($row2=mysql_fetch_array($result1)){
                $_SESSION['SESS_COURSE'] = $row2['progid'];   
                $_SESSION['SESS_MEMBER_ID'] = $idno;
                header('location: plsvote.php');
                //$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
            }
        } else {
            header('location: notification.php');
        }
    } else if ($row['user_type'] == "2"){
        //  $query = mysql_query ("INSERT INTO user_log VALUES('','$idno',NOW(), 'Login') ") or die(mysql_error());
        header('location:admin/officerpanel.php');
        //$_SESSION['admin'] = $idno;
    } else {
        echo "<script type='text/javascript'>\n";
        echo "alert('Username or Password incorrect!, Please try again.');\n";
        echo "window.location = 'index.php';";
        echo "</script>";
        exit();
    }
}
?>

It would also benefit you to learn about the JOIN Syntax of SQL

The query could be written like this

    $sql2 = "SELECT * 
             FROM student s
                JOIN studentvotes sv ON s.idno = sv.idno 
             WHERE 
               AND syearid = $YearNow
               AND student.idno = $idno";

I've changed it like this but no one's happen $sql2 = "SELECT studentvotes.idno,student.idno FROM student JOIN studentvotes ON student.idno = studentvotes.idno WHERE AND syearid = $YearNow AND student.idno = '$idno'"; — Camille Valerio, Jan 05 '16 at 01:37
I've changed like this and it always say the username and password does not exist $sql2 = "SELECT * FROM studentvotes WHERE idno='$idno' AND studentvotes.syearid = $YearNow"; $result1 = mysql_query($sql2) or die(); $row1 = mysql_fetch_array($result1); — Camille Valerio, Jan 05 '16 at 02:24
from_year is integer, I've just updated my code and now the problem is the condition else if ($row['user_type'] == "3") { if (( $result1) >= 1 AND ($row2 >=1)) {, it will proceed to the plsvote.php if the student idno and syearid was not in the studentvotes but when I choose candidates from plsvote.php and submit it , it will automatically got to the index.php and nothing's happen, I think because of my sql2 — Camille Valerio, Jan 05 '16 at 09:15
Camille, I dont think you understand the purpose of SO. **You are not supposed to change the question once its been asked**. The ultimate purpose of SO is to provide a searchable problem resource with helpful answers. If you change the question, then the answer do not match the question and the **useful resource is destroyed**. Once the question is answered you accept an answer if it fixed your problem, or you UPVOTE an answer that helped solve you problem, As you have now added new code to your question with new problems can you **ask a new question please**, — RiggsFolly, Jan 05 '16 at 09:49
I will rollback this question to the last edit done to the original question. — RiggsFolly, Jan 05 '16 at 09:59

score -1 · Accepted Answer · answered Jan 05 '16 at 01:47

Here is my PHP....

You are selecting all students from the table student and studentvotes and joining them on id. You're also selecting the syearid if it matches the current year i.e. 2016. I assume your design is that if a student record appears in studentvotes then the student has voted? If that's the case then you probably don't need to select the student table unless there's a real need for it. You can just do:

$sql2 = "SELECT * FROM studentvotes WHERE idno = $idno AND syearid = $YearNow"

Also do you need the year they voted or do you just want to know if they voted or not? If the latter then add a int column in studentvotes table called 'voted' which would be used to store any one of two pieces of data, a 0 (if student has voted) or 1 (if student has not voted). Once this is done modify the sql statement to this:

$sql2 = "SELECT * FROM studentvotes WHERE idno = $idno AND voted = 1

As you can see the above statment says: Select all students from studentvotes where idno matches the current idno ($idno) and who has not voted and send them to plsvote.php. If you really need data back from student table too then just do this:

$voted=1;
 $sql2 = "SELECT name,age,voted FROM student s,studentvotes sv WHERE s.idno = sv.idno AND voted = 1

With the above example you can do another parse to bring back the ints to English for your FrontEnd:

if($voted = 1)
{
  header('location:admin/plsvote.php');
}
else
{
header('location:admin/officerpanel.php');
}

Also I don't get why you're doing a check with user_types by getting the user type from the user input storing it in a variable then doing nothing with this variable? But go on and check user type again for each select? I don't think this is needed.

I will ckeck if the idno and syearid exist in the studentvotes and if it's not it will then go to the plsvote.php — Camille Valerio, Jan 05 '16 at 01:52
Yes the latter should work too. But please think about the logic here of the rest of the functions i.e. application flow and remember if a column is not needed then why select it? Also if for example you need specific columns e.g. x y and z why select * columns? This might be extra unnecessary work for your preprocessor and db engine to do. It may be fine in small systems but once it grows then it can get out of hand quickly.Also in the system the syearid or idno mean just that, student year id and ID number I believe but in the real world do they really mean a student has voted? Not to me. — shucode, Jan 05 '16 at 11:16
this is where I got stuck : $sql2 = "SELECT * FROM studentvotes WHERE idno = $idno AND syearid = $YearNow" i think because of the idno, it work fine when I run it but when it goes to the other php before the vote.php where the student will update that they are already voted — Camille Valerio, Jan 06 '16 at 05:17
I've just solve the problem and many thanks to all of you guys :) problem solved — Camille Valerio, Jan 06 '16 at 05:49
Please tell us what code worked for you so others can see. Also as a tip for the future (something I recently learned) when you have these kind of SQL issues (CRUD related mostly) then don't be afraid to copy the SQL into your DBMS's query window, in your case into the MySQL query window and then try to execute the SQL code. If you get the result that you expected then your SQL code is fine and then I would check my PHP or C# or whatever programming language it may be as this is where the issue may be lying. — shucode, Jan 06 '16 at 09:45

why is my sql doesn't work in checking row exist

2 Answers2