check if username and ticket exist

Question

Stefce 146 Posting Pro

9 Years Ago

I have this code for checking the username and ticket availability but something doesnt work well if someone can tell me whats the problem, this error shows me if i enter the right info Invalid Ticket or Receiver here is the code:

<?php
                                    if(isset($_POST['sendTicket'])) {
                                        $ticketID = $_POST['ticketID'];
                                        $ticketReceiver = $_POST['ticketReceiver'];

                                        $ticket_id = getUserData('kladilnica', 'ticket_id');
                                        $sender = getUserData('users', 'Username');

                                        if(!empty($ticketID) && !empty($ticketReceiver)) {
                                            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND `Username`='".$ticketReceiver."'";
                                            $result = $conn->query($sql);

                                            if($result === false) {
                                                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
                                            } else {
                                                if($ticketReceiver == $sender) {
                                                ?>
                                                    <p>You cannnot send to yourself!</p>
                                                <?php
                                                } else {
                                                    if($conn->affected_rows > 0) {
                                                    ?>
                                                        <p>Sended successfully</p>
                                                    <?php
                                                    } else {
                                                    ?>
                                                        <p>Invalid Ticket or Receiver</p>
                                                    <?php
                                                    }
                                                }
                                            }
                                        } else {
                                        ?>
                                            <p>Can't leave empty</p>
                                        <?php
                                        }
                                    }
                                ?>

php

Edited 9 Years Ago by Stefce

6 Contributors
24 Replies
439 Views
2 Weeks Discussion Span
Latest Post 9 Years Ago Latest Post by cereal

pritaeas 2,194 ¯\_(ツ)_/¯

9 Years Ago

Are you sure that your SELECT returns any rows?

old_apache 15 Junior Poster in Training

9 Years Ago

i think you missed VALUES in your query

Bet, Gain, Odd) VALUES SELECT Username, '".$ticketReceiver."', Date

pritaeas 2,194 ¯\_(ツ)_/¯

9 Years Ago

Username column in the where clause shouldn't have single quotes around it.

diafol

9 Years Ago

We've pointed out an obvious source of error:

AND 'Username'='VladoRafa'

should be

AND Username='VladoRafa'

SO until you sort that out, we won't know whether you've got another error or not.

cereal 1,524 Nearly a Senior Poster

9 Years Ago

Hi, Date in the select list is a reserved word, you can use it if you wrap it in backticks.

Docs:

https://dev.mysql.com/doc/refman/5.6/en/keywords.html

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Stefce 146 Posting Pro · Answer 1 · 2015-06-01T16:56:52+00:00

Stefce 146 Posting Pro

9 Years Ago

yes it returs

Stefce 146 Posting Pro · Answer 2 · 2015-06-06T15:23:57+00:00

Stefce 146 Posting Pro

9 Years Ago

Some one help me PLEASE ?

Stefce 146 Posting Pro · Answer 3 · 2015-06-06T18:53:33+00:00

nope it gives me error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, m' at line 2 in

diafol · Answer 4 · 2015-06-06T20:39:51+00:00

try 'VladoRafa' without the single quotes

Stefce 146 Posting Pro · Answer 5 · 2015-06-06T20:51:32+00:00

Im trying without them just like VladoRafa without anything

diafol · Answer 6 · 2015-06-06T20:56:21+00:00

That's not what your error message said. OK, well post any error messages you get now without the quotes. Otherwise we're in the dark.

Stefce 146 Posting Pro · Answer 7 · 2015-06-07T12:05:23+00:00

here is the full error message
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) VALUES SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='550415' AND 'Username'='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Username, VladoRafa, Date, ticket_id, match1, match2, match3, match4, mat' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208

Stefce 146 Posting Pro · Answer 8 · 2015-06-07T13:11:25+00:00

I have do it like that because of the post if have `` theese it will be outsite the box something like this ANDUsername='VladoRafa' Error: You have an error in your SQL syntax;

diafol · Answer 9 · 2015-06-07T13:31:19+00:00

I have do it like that

Well you can't, that's all there is to it.
Columns should not be enclosed in quotes, well, not in your case anyway. I would bet money that the backticks ( `...`) are not the source of your errors.

Stefce 146 Posting Pro · Answer 10 · 2015-06-10T19:43:01+00:00

Stefce 146 Posting Pro

9 Years Ago

so any other options about this problem ?

Stefce 146 Posting Pro · Answer 11 · 2015-06-11T01:39:17+00:00

I tried that but again it gives me the error Invalid Ticket or Receiver

diafol · Answer 12 · 2015-06-11T07:08:38+00:00

At least query runs now. It didn't before. So you' ve managed to reach further. Your new error stems from something else.

beyondperfect 0 Newbie Poster · Answer 13 · 2015-06-11T08:29:09+00:00

beyondperfect 0 Newbie Poster

9 Years Ago

Did you fixed this error ?

Stefce 146 Posting Pro · Answer 14 · 2015-06-11T09:40:50+00:00

Stefce 146 Posting Pro

9 Years Ago

Nope

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 15 · 2015-06-11T11:15:03+00:00

pritaeas 2,194 ¯\_(ツ)_/¯

9 Years Ago

Then post the entire current query again.

Stefce 146 Posting Pro · Answer 16 · 2015-06-11T13:24:13+00:00

Here is again the whole query:

<?php
    if(isset($_POST['sendTicket'])) {
        $ticketID = $_POST['ticketID'];
        $ticketReceiver = $_POST['ticketReceiver'];

        $ticket_id = getUserData('kladilnica', 'ticket_id');
        $sender = getUserData('users', 'Username');

        if(!empty($ticketID) && !empty($ticketReceiver)) {
            $sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 

            SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica WHERE ticket_id='".$ticketID."' AND Username='".$ticketReceiver."'";
            $result = $conn->query($sql);

            if($result === false) {
                trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
            } else {
                if($ticketReceiver == $sender) {
                ?>
                    <p>You cannnot send to yourself!</p>
                <?php
                } else {
                    if($conn->affected_rows > 0) {
                    ?>
                        <p>Sended successfully</p>
                    <?php
                    } else {
                    ?>
                        <p>Invalid Ticket or Receiver</p>
                    <?php
                    }
                }
            }
        } else {
        ?>
            <p>Can't leave empty</p>
        <?php
        }
    }
?>

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 17 · 2015-06-11T13:31:01+00:00

That's your code, I meant the generated query (in $sql). If affected rows retuns zero, then it means that the SELECT part of your query does not return any results. Output the generated query and run the SELECT part against your database.

diafol · Answer 18 · 2015-06-11T21:09:05+00:00

IN addition, you seem to be using raw input data in your SQL - this is v. dangerous (open to SQL injection). Either use a prepared statement or sanitize them.

Stefce 146 Posting Pro · Answer 19 · 2015-06-13T17:15:04+00:00

I realized that i need to select from two tables first the (ticket_id) from kladilnica and secound the (Username) from users to check if exists, so i searched and found this

$sql = "INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) 
                                    SELECT Username, '".$ticketReceiver."', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds FROM kladilnica, users WHERE kladilnica.ticket_id='".$ticketID."' AND users.Username='".$ticketReceiver."'";

**but it gives me error **
Fatal error: Wrong SQL: INSERT INTO ticket (senderName, receiverName, Date, ticketID, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Bet, Gain, Odd) SELECT Username, 'VladoRafa', Date, ticket_id, match1, match2, match3, match4, match5, match6, match7, match8, match9, match10, match11, match12, match13, match14, match15, match16, tip1, tip2, tip3, tip4, tip5, tip6, tip7, tip8, tip9, tip10, tip11, tip12, tip13, tip14, tip15, tip16, Uplata, Dobivka, Odds WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa' Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE kladilnica.ticket_id='550415' AND users.Username='VladoRafa'' at line 2 in C:\xampp\htdocs\asdf\navigation.php on line 208
how can i select from two tables so i can check the two elements exists ?