<?php
include("config.php");
extract($_POST);
$sql = "INSERT INTO contacts (firstname, lastname, phone, email, address, city, state, zipcode) VALUES ('$fname','$lname','$phone','$email','$address','$city','$state','$zipcode')";
try
{
$mysqli->query($sql);
}
catch (Exception $e) {
// MySQL exception
die($e->getMessage());
}
echo "Thank You For your vote to oppose the Project ";
$mysqli->close();
?>This requires that the column(s) that must be unique to be defined as unique indexes. Also, what php version are you using? It requires that you enable exceptions for errors for the database extension you are using. In php 8+, the default setting is to use exceptions.
Some points for the posted code -
- Use ‘require’ for things your code must have.
- Include/require are not functions. The () around the path/filename do nothing and should be removed.
- Do NOT use extract, ever. Use the correct $_POST variables in your code that you expect data to be in.
- Do NOT put dynamic values directly into sql query statements, where any sql special character in a value can break the sql query syntax. Use a prepared query instead. If it seems like the mysqli extension is overly complicated and inconsistent when dealing with prepared queries, it is. This would be a good time to switch to the much simpler and better designed PDO extension.
- There’s generally no need to close database connections in your code since php destroys all resources when your script ends.
Version 8.4.
I am implementing some canned code from github, something very simple but full of bugs.
thanks.
Changed it to pdo. try still not working
<?php
require 'db.php';
include("config.php");
extract($_POST);
global $pdo;
try {
$stmt = $pdo->prepare("INSERT INTO contacts (firstname, lastname, phone, email, address, city, state, zipcode) VALUES ('$fname','$lname','$phone','$email','$address','$city','$state','$zipcode')");
}
catch (Exception $e) {
// MySQL exception
$e->getMessage();
}
try
{
$stmt->execute();
}
catch (Exception $e) {
// MySQL exception
$e->getMessage();
}
echo "Thank You For your vote to oppose the Project ";
?>Will change extract but want the catch to do the duplicate key. unique on email, and lname,fname.
In my form, using the implementation to remove special chars.
Data submitted to your site can come from anywhere, not just your forms, links, and cookies, can be set to anything, and cannot be trusted. You MUST use data securely on the server.
This is just a call to the exception’s method. It doesn’t output anything. You either need to echo the value or put the value in a die() statement in order to display it.
million thanks.
So what is the best way to handle the duplicate keys. I would think that re-display the data entry page???
In the catch logic, you would test if the error number is for a duplicate index error (1062). If it is not, simply rethrow the exception and let php handle it. Since you have multiple columns defined as unique indexes, you would build and execute a SELECT query at this point to find which columns contain duplicate data, and setup an error message for the user for each duplicate value.
You would test for and display any user/validation errors when you redisplay the form, populating the form field values with the submitted form data, so that the user only needs to correct the errors and can resubmit the form. If your form processing code and form are not on the same page, this would be a good time to reorganize the code.
The code for any page should be laid out in this general order -
- initialization
- post method form processing
- get method business logic - get/produce data needed to display the page
- html document
I did a display of error and the field that is duplicate is mentioned. Mysql is really not that friendly so I guess getting much better.
The column name mentioned in the text error message is just the first unique index with a duplicate value. Any or all of the unique indexes could contain duplicate values.
Could we have specified here mysqli_sql_exception directly rather? or 1062 would still be required?