Yuval Sh Posted October 24, 2021 Share Posted October 24, 2021 First of all Your Books are the world for me. valuable and reliable content Thanks. In chapter 9 as we are doing update for the password I adjusted a little bit the code and I come up on an issue I can't solve. If I'm inserting information to the inputs with similar content to the one already exist in the database table mysqli_affected_rows($dbc) return 0 , So how could I differentiate between an error in the update to the situation when just any change didn't take place in the process of the Update? Link to comment Share on other sites More sharing options...
Larry Posted October 25, 2021 Share Posted October 25, 2021 Thanks so much for the nice words! I really appreciate it. This is an excellent question! What you can do is just use mysqli_query() as the conditional. The function returns a false value if it didn't run (i.e., there's an error), which is a different thing than the query running but not affecting a change. https://www.php.net/manual/en/mysqli.query.php Link to comment Share on other sites More sharing options...
Yuval Sh Posted October 26, 2021 Author Share Posted October 26, 2021 Hi Thanks for your answer. I have played with the function mysqli_query() to verify the results There are 4 main Scenarios Scenario 1 INSERT INTO (column name) VALUE ('value') WHERE something_id = id id = real id from the database (FOREIGN KEY) ; mysqli_query() = 1 (true) mysqli_affected_rows($dbc) = 1 (true) Scenario 2 INSERT INTO (column name) VALUE ('value') WHERE something_id = id ; id = fake id (not exist in the databse) mysqli_query() = 0 (false) mysqli_affected_rows($dbc) = -1 (false) Scenario 3 UPDATE TABLE table_name SET column_name = 'value' WHERE something_id = id ; id = id real id from the database (FOREIGN KEY) (Changing value in the table) mysqli_query() = 1 (true) mysqli_affected_rows($dbc) = 1 (true) (Don't changing value in the table) mysqli_query() = 1 (true) mysqli_affected_rows($dbc) = 0 (false) Scenario 4 UPDATE TABLE table_name SET column_name = 'value' WHERE something_id = id ; id = fake id (not exist in the databse) mysqli_query() = 1 (true) mysqli_affected_rows($dbc) = 0 (false) So after all that my claim is that mysli_query() return true although when the id isn't real, so it is not a good indication since if somehow my id value isn't correct (or any other problem i didn't tested yet) I won't be able to know that and stop the execution of the code after this point. Sorry about the length and I do understand it's already out of the book scope I just tested the function and thought you may be interested in the results. if you have solution I'll be glad to hear from you Thanks ahead Yuval Link to comment Share on other sites More sharing options...
Larry Posted October 27, 2021 Share Posted October 27, 2021 If you're concerned about a fake ID scenario AND such a query not affecting any rows is cause to stop execution of the code, you could run a SELECT query using the ID first to validate that it's real before running the UPDATE. That being said, doing all that seems to me like adding extra overhead to "solve" a problem that's not really a problem. The UPDATE query, like on a password change, should use the primary key, which is immutable, and therefore not user-provided. It's unclear how a fake ID would get into the mix. Link to comment Share on other sites More sharing options...
Recommended Posts