Jump to content
Larry Ullman's Book Forums

Recommended Posts

First of all

Your Books are the world for me. valuable and reliable content Thanks.

In chapter 9 as we are doing update for the password I adjusted a little bit the code and I come up on an issue I can't solve.

If I'm inserting information to the inputs with similar content to the one already exist in the database table mysqli_affected_rows($dbc) return 0 ,

So how could I differentiate between an error in the update to the situation when just any change didn't take place in the process of the Update?   

Link to comment
Share on other sites

Thanks so much for the nice words! I really appreciate it. 

This is an excellent question! What you can do is just use mysqli_query() as the conditional. The function returns a false value if it didn't run (i.e., there's an error), which is a different thing than the query running but not affecting a change.

https://www.php.net/manual/en/mysqli.query.php

Link to comment
Share on other sites

Hi Thanks for your answer.

I have played with the function mysqli_query() to verify the results 

There are 4 main Scenarios

Scenario 1

INSERT  INTO (column name) VALUE ('value') WHERE something_id = id 

id = real id from the database (FOREIGN KEY) ;

mysqli_query() = 1 (true) 

mysqli_affected_rows($dbc) = 1 (true) 

Scenario 2

INSERT  INTO (column name) VALUE ('value') WHERE something_id =  id ; 

id = fake id  (not exist in the databse)

mysqli_query() = 0  (false)

mysqli_affected_rows($dbc) = -1 (false)

Scenario 3

UPDATE TABLE  table_name  SET  column_name =  'value'  WHERE something_id = id ; 

id =  id  real id from the database (FOREIGN KEY)

(Changing value in the table)

mysqli_query() = 1  (true)

mysqli_affected_rows($dbc) = 1 (true)

(Don't changing value in the table)

 

mysqli_query() = 1  (true)

mysqli_affected_rows($dbc) = 0 (false)

Scenario 4

UPDATE TABLE  table_name  SET  column_name =  'value'  WHERE something_id = id ; 

id = fake id  (not exist in the databse)

mysqli_query() = 1  (true)

mysqli_affected_rows($dbc) = 0 (false)

So after all that

  my claim is that mysli_query()  return true although when the id isn't real, so it is not a good indication since if somehow my id value isn't correct (or any other problem i didn't tested yet) I won't be able to know that and stop the execution of the code after this point.

 

Sorry about the length and I do understand it's already out of the book scope I just tested the function and thought you may be interested in the results.

if you have solution I'll be glad to hear from you

Thanks ahead 

Yuval

Link to comment
Share on other sites

If you're concerned about a fake ID scenario AND such a query not affecting any rows is cause to stop execution of the code, you could run a SELECT query using the ID first to validate that it's real before running the UPDATE.

That being said, doing all that seems to me like adding extra overhead to "solve" a problem that's not really a problem. The UPDATE query, like on a password change, should use the primary key, which is immutable, and therefore not user-provided. It's unclear how a fake ID would get into the mix.  

Link to comment
Share on other sites

 Share

×
×
  • Create New...