OK Chris,

I understand that we're checking checking the form data and escaping it, but 
can explain what's going on in the WHERE clause and  1=1 tad bit more.

"Chris" <[EMAIL PROTECTED]> wrote in message 
> kvigor wrote:
>> /*Good Morning to All,
>> I am having an issue with the following code.  I'm trying to match 
>> $newRegistrant(which is concatenated form data) with $oldRegistrant(which 
>> is concatenated DB data).
> First thing I'd suggest is making the code clearer about what's going on.
> Doing it the way I have below will also make it faster because you don't 
> have to check every registrant to see if they already there - make the 
> database do the work for you.
> $newRegistrant_query = "SELECT 
> conName,conAddress,conCity,conState,conPhone,schName,schCity,schState,strName,strCity,strState
> FROM central WHERE ";
> if(isset($_POST['submit'])) {
> $fields_to_check = array('conName', 'conAddress', 'conCity' ..... add more 
> fields here);
> foreach ($fields_to_check as $field_name) {
> $newRegistrant_query .= $field_name . "='" . 
> mysql_real_escape_string($_POST[$field_name]) . "' AND ";
> }
> // you can either remove the last AND from the query or just add this on 
> so you don't need to worry about a mal-formed query.
> $newRegistrant_query .= "1=1";
> }
> Then
> $matchQueryResult_result = mysql_query($newRegistrant_query,$connection) 
> or die
> ("Query Failed".mysql_error());
> $found_registrant = false;
> while ($row = mysql_fetch_assoc($matchQueryResult_result)) {
> $found_registrant = true;
> // check your datestamps.
> }
> // they have never registered before
> if (!$found_registrant) {
>   // make up an insert query and add them.
> }
> makes it a lot easier to read and be a lot easier to debug.
> -- 
> Postgresql & php tutorials
> http://www.designmagick.com/ 

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to