PHP验证提交

Question

我正在开发一个项目，用户可以点击一个项目。如果用户之前点击过它，那么当他尝试再次点击它时，它不应该在数据库上工作或插入值。当我点击第一个项目（我直接从数据库显示项目），它插入到数据库，然后当我再次点击它时，它的工作原理（给我错误代码）不会插入数据库。所有其他项目，当我点击它们，即使我点击第二，第三，第四次，它会插入到数据库中。请帮助家伙。谢谢

<?php 

session_start(); 
$date = date("Y-m-d H:i:s"); 

include("php/connect.php"); 

$query = "SELECT * FROM test ORDER BY `id` ASC LIMIT 3"; 
$result = mysql_query($query); 

if (isset($_SESSION['username'])) { 

    $username = $_SESSION['username']; 

    $submit = mysql_real_escape_string($_POST["submit"]); 

    $tests = $_POST["test"]; 

    // If the user submitted the form. 
    // Do the updating on the database. 
    if (!empty($submit)) { 
     if (count($tests) > 0) { 
      foreach ($tests as $test_id => $test_value) { 
       $match = "SELECT user_id, match_id FROM match_select"; 
       $row1 = mysql_query($match)or die(mysql_error()); 
       while ($row2 = mysql_fetch_assoc($row1)) { 
        $user_match = $row2["user_id"]; 
        $match = $row2['match_id']; 
       } 
       if ($match == $test_id) { 
        echo "You have already bet."; 
       } else { 
        switch ($test_value) { 
         case 1: 
          mysql_query("UPDATE test SET win = win + 1 WHERE id = '$test_id'"); 
          mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')"); 
         break; 
         case 'X': 
          mysql_query("UPDATE test SET draw = draw + 1 WHERE id = '$test_id'"); 
          mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')"); 
         break; 

         case 2: 
          mysql_query("UPDATE test SET lose = lose + 1 WHERE id = '$test_id'"); 
          mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')"); 
         break; 
         default: 

        } 
       } 
      } 
     } 
    } 

    echo "<h2>Seria A</h2><hr/> 
     <br/>Welcome,".$username."! <a href='php/logout.php'><b>LogOut</b></a><br/>"; 

    while ($row = mysql_fetch_array($result)) { 

     $id = $row['id']; 
     $home = $row['home']; 
     $away = $row['away']; 
     $win = $row['win']; 
     $draw = $row['draw']; 
     $lose = $row['lose']; 

     echo "<br/>",$id,") " ,$home, " - ", $away; 

     echo " 
      <form action='seria.php' method='post'> 
       <select name='test[$id]'>   
        <option value=\"\">Parashiko</option> 
        <option value='1'>1</option> 
        <option value='X'>X</option> 
        <option value='2'>2</option> 
       </select> 
       <input type='submit' name='submit' value='Submit'/> 
       <br/> 
      </form> 
      <br/>";   

     echo "Totali ", $sum = $win+$lose+$draw, "<br/><hr/>"; 
    } 
} else { 
    $error = "<div id='hello'>Duhet te besh Log In qe te vendosesh parashikime ndeshjesh<br/><a href='php/login.php'>Kycu Ketu</a></div>"; 
} 

?> 

Answer 1

你的问题是在这里：

$match = "SELECT user_id, match_id FROM match_select"; 
$row1 = mysql_query($match)or die(mysql_error()); 
while ($row2 = mysql_fetch_assoc($row1)) { 
    $user_match = $row2["user_id"]; 
    $match = $row2['match_id']; 
} 

您没有正确检查它。您必须检查match_select中的条目是否存在user_id和match_id。否则，$match将永远是你的数据库等于最后插入的行的match_id领域：

$match = "SELECT * 
    FROM `match_select` 
    WHERE `user_id` = '<your_id>' 
    AND `match_id` = '$test_id'"; 
$matchResult = mysql_query($match)or die(mysql_error()); 
if(mysql_num_rows($matchResult)) { 
    echo "You have already bet."; 
} 

顺便说一句，可以考虑使用PDO或mysqli操纵数据库。 mysql_功能已被弃用：

http://www.php.net/manual/fr/function.mysql-query.php

Answer 2

如果数据已经存在，通过查找表来验证插入记录。

例如

简单的方法是

$query = "SELECT * FROM match_select WHERE user_id = '$user_id'"; 
$result = mysql_query($query); 

if(mysql_num_rows($result) > 0) 
{ 
    // do not insert 
} 
else 
{ 
    // do something here.. 
} 

Answer 3

在您的形式你有<select name='test[$id]'>（每个项目），那么当你提交你得到$tests = $_POST["test"];形式不需要指定索引表格并且可以简单地做<select name='test[]'>，您最终可以添加一个隐藏字段，其ID为<input type="hidden" value="$id"/>。第二部分是目前不太好的验证;你可以简单地检查itemalready在数据库中存在与查询