skip to Main Content

I defined specific values in a table with several rows, stored in mysql database on a table named signals for each user using their emails. The user in turn is fills a form which PHP will check against the defined values in the signal table, if all values matches any of the user row, action is executed, else, another action is executed. When i fill the exact values on the first row into the form, it returns that values matches row, but when i submit the values on the second or third row or any other, it returns that Values do not match row.

Here is my PHP Code, please direct me on what i am doing wrong

$tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = '$email'");
$tempo->execute(); 
$rowq = $tempo->fetch(PDO::FETCH_ASSOC);

    // assuming a button named buy is clicked 

if(isset($_POST['buy'])) {
    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $email = htmlspecialchars($email);
        
        
    $category = trim($_POST['category']);
    $category = strip_tags($category);
    $category = htmlspecialchars($category);
    
    
    $trading_pair = trim($_POST['trading_pair']);
    $trading_pair = strip_tags($trading_pair);
    $trading_pair = htmlspecialchars($trading_pair);
    
    
    $strike_rate = trim($_POST['strike_rate']);
    $strike_rate = strip_tags($strike_rate);
    $strike_rate = htmlspecialchars($strike_rate);
    
    
    $amount = trim($_POST['amount']);
    $amount = strip_tags($amount);
    $amount = htmlspecialchars($amount);
    
    $interval = trim($_POST['interval']);
    $interval = strip_tags($interval);
    $interval = htmlspecialchars($interval);
    
    $time = trim($_POST['time']);
    $time = strip_tags($time);
    $time = htmlspecialchars($time);


    if($_POST['email'] == $rowq['email']  AND 
        $_POST['category'] == $rowq['category'] AND 
        $_POST['trading_pair'] == $rowq['trading_pair'] AND 
        $_POST['strike_rate'] == $rowq['strike_rate'] AND 
        $_POST['amount'] == $rowq['amount'] AND
        $_POST['interval'] == $rowq['interval']) 
    {
        echo '<script>alert("Input Values Matches row");</script> ';   // row exists. do whatever you would like to do.
    } else {
        echo '<script>alert("Input Values do not match row");</script> ';    // row does not exists. do whatever you would like to do.
    }

It returns Input Values Matches row when i fill in the details on the first row with the first ID but when i fill in the details of the second row below, it always returns Input Values do not match row… I hope i get help with this. Thanks in advance!

Edit: Below is the sql for the table;

    -- phpMyAdmin SQL Dump
-- version 4.9.4
-- https://www.phpmyadmin.net/
--
-- Host: localhost:3306
-- Generation Time: Jan 13, 2021 at 06:18 AM
-- Server version: 10.3.27-MariaDB-log-cll-lve
-- PHP Version: 7.3.6

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `admizafr_lanky`
--

-- --------------------------------------------------------

--
-- Table structure for table `signals`
--

CREATE TABLE `signals` (
  `id` int(10) NOT NULL,
  `email` varchar(40) NOT NULL,
  `category` varchar(40) NOT NULL,
  `trading_pair` varchar(40) NOT NULL,
  `strike_rate` varchar(100) NOT NULL,
  `amount` varchar(2000) NOT NULL,
  `interval` varchar(2000) NOT NULL,
  `time` varchar(2000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `signals`
--

INSERT INTO `signals` (`id`, `email`, `category`, `trading_pair`, `strike_rate`, `amount`, `interval`, `time`) VALUES
(1, '[email protected]', 'cryptocurrency', 'BCH/EUR', '4;67', '1000', '1', 'success'),
(2, '[email protected]', 'cryptocurrency', 'BCH/USD', '50;2', '1500', '1', 'success'),
(5, '[email protected]', 'cryptocurrency', 'BCH/GBPj', '22;6', '10000', '5', 'success');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `signals`
--
ALTER TABLE `signals`
  ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `signals`
--
ALTER TABLE `signals`
  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

2

Answers


  1. You need to gather all rows inside database with that email and loop-compare them.

    function compare() {
        if(!isset($_POST['buy'])) {
            return;
        }
    
        $tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = '$email'");
        $tempo->execute(); 
        $rows = $tempo->fetchAll(PDO::FETCH_ASSOC);
    
        $email = $this->sanitize('email');
        $category = $this->sanitize('category');
        /* ... */
    
        foreach ($rows as $rowq) {
            if(
                $email == $rowq['email'] && 
                $category == $rowq['category'] && 
                $trading_pair == $rowq['trading_pair'] && 
                $strike_rate == $rowq['strike_rate'] && 
                $amount == $rowq['amount'] &&
                $interval == $rowq['interval']
            ) {
                echo '<script>alert("Input Values Matches row");</script> ';   // row exists. do whatever you would like to do.
    
                return;
            }
        }
    
        echo '<script>alert("Input Values do not match row");</script> ';    // row does not exists. do whatever you would like to do.
    }
    
    function sanitize($input) {
        $output = trim($_POST[$input]);
        $output = strip_tags($output);
        $output = htmlspecialchars($output);
    
        return $output;
    }
    
    Login or Signup to reply.
  2. I made some changes to the original code, to fix some mistakes and add improvements. You can find explanations in the comments. But like i said, please read more about php principles.

    // Use prepared statements to sanitize user input in queries, like bellow.
    $tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = ?");
    $tempo->execute([$email]);
    $rows = $tempo->fetchAll(PDO::FETCH_ASSOC);
    
    // Call the function for each input ( see, the code looks tidy already )
    $email = sanitize($_POST['email']);          
    $category = sanitize($_POST['category']);
    $trading_pair = sanitize($_POST['trading_pair']);
    $strike_rate = sanitize($_POST['strike_rate']);
    $amount = sanitize($_POST['amount']);
    $interval = sanitize($_POST['interval']);
    $time = sanitize($_POST['time']); // This one is not used, check it.
    
    // assuming a button named buy is clicked
    // Loop trough each row in the database
    foreach ($rows as $rowq) {
        if (isset($_POST['buy'])) {
            // Use the variables you sanitized (not from $_POST), and compare them with the one in the database
            // Beware that there are also && and || operators, check the differences between them,
            // because in some cases they will not work as expected.
            if ($email == $rowq['email'] AND
            $category == $rowq['category'] AND
            $trading_pair == $rowq['trading_pair'] AND
            $strike_rate == $rowq['strike_rate'] AND
            $amount == $rowq['amount'] AND
            $interval == $rowq['interval']) {
                echo '<script>alert("Input Values Matches row");</script> ';   // row exists. do whatever you would like to do.
            } else {
                echo '<script>alert("Input Values do not match row");</script> ';    // row does not exists. do whatever you would like to do.
            }
        }
    }
    
    // Create a functions, like this, with parameters, for duplicate code.
    // It makes the code easier to read
    function sanitize($input) {
      // Also, you can nest functions that return a value,
      // and not assign it to a variable, to make it even shorter
      return htmlspecialchars(strip_tags(trim($input)));
    }
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search