在php

时间:2015-12-04 01:23:41

标签: php mysql

enter image description here

我希望我有一条错误消息,如果那个idno已经完成在2015年注册,不需要唯一的idno因为我必须多余,因为每年idno可以保存或注册在数据库但问题是我想检查他是否已在2015年或2016年或2017年注册。

以下是我保存学生信息的代码:

<?php

if (isset($_POST['save'])){
$stud_id= $_POST['stud_id'];
$idno = $_POST['idno'];
$lastname = $_POST['lastname'];
$firstname = $_POST['firstname'];
$middlename= $_POST['middlename'];
$year= $_POST['year'];
$dept_id = $_POST['dept_id'];
$progid = $_POST['progid'];
$user_type = $_POST['user_type'];
$password= $_POST['password'];
$syear= $_POST['syearid'];
$YearNow=Date('Y');

$sql = mysql_query("SELECT * FROM student where idno = '$idno'")or die(mysql_error());
$count = mysql_num_rows($sql);

$sql1 = mysql_query("SELECT * FROM student,school_year where    student.syearid = school_year.syearid AND school_year.from_year like $YearNow")or die(mysql_error());
$count1 = mysql_num_rows($sql1);


 if (don't know what to condition on this part ) {
    echo"idno $idno has already registered in that year";

}
else{

// query
$sql = "INSERT INTO student VALUES ('$stud_id','$idno','$dept_id','$progid','$syear','0','$lastname','$firstname','$middlename','$year','$password','$user_type')";
$result = mysql_query($sql) or die(mysql_error());



echo "<script type='text/javascript'>\n";
echo "alert('Successfully Added.');\n";
echo "window.location = 'addusers.php';";
echo "</script>";
}

?>

我需要帮助才能获得帮助。感谢

School_year表有(syearid(独特),from_year(2015),to_year(2016))

1 个答案:

答案 0 :(得分:1)

在将变量绑定到查询之前首先清理变量,以防止某些变量SQL injections。您可以使用*_real_escape_string

$lastname = mysql_real_escape_string($_POST['lastname']);

对传递的其他数据执行此操作。

对于你的if()条件,你可以这样做(已经由@ chris85 指出):

if($count >= 1 || $count1 >= 1){

  echo "idno $idno has already registered in that year";

}

请不要使用mysql_* API,因为它已经deprecated,而应使用mysqli_*PDO代替。