Help with PHP MySQL alert if info is not in database

Stkr Dngr

Regular Member
Joined
Sep 14, 2017
Messages
224
Reaction score
26
I am developing a ship tracking website for a client and I was not the one that wrote the code from scratch, so the problem I am having with this is that when someone enters a wrong tracking number(a number that has not been registered in the database) it displays a shipment but with empty fields. I want it to tell the user that it could not find the tracking number or that the number does not exist in the database, instead of returning something empty. If maybe user mistakenly makes a typo it will display an empty track details and before user discovers that he made a mistake he would think the wrong number was sent to him, i want it to tell them that it is incorrect when they make a mistake. This is the code via pastebin https://pastebin.com/yzESZP4g .
 

knaitas

BANNED
Joined
Jul 26, 2016
Messages
176
Reaction score
140
Website
www.kigbot.com
first do a select query and then check if any results were returned. If the query returned is empty it means that the shipment does not exist/ is wrong else show the shipment. Im on my phone so cannot really write the code
 

Sheepp

Jr. VIP
Jr. VIP
Joined
Jan 15, 2018
Messages
894
Reaction score
550
Website
www.seowl.co
Oh my .. :eek:

NEVER, EVER, put this code in production as is ok ?

There are several security flaws (and i mean, enormous one) the first one being SQL injection.

I'd suggest you to google this and update your code, otherwise your database will be hacked in less than 2 secs ;);)

For your original question : as said above, this can easily be done by doing an empty comparison on the sql query result before displaying the actual data.

Something along (in rough pseudo code):
result =sqlQuery()
if (result == empty)
DisplayErrorMessage
Else
DisplayData
 

Stkr Dngr

Regular Member
Joined
Sep 14, 2017
Messages
224
Reaction score
26
Oh my .. :eek:

NEVER, EVER, put this code in production as is ok ?

There are several security flaws (and i mean, enormous one) the first one being SQL injection.

I'd suggest you to google this and update your code, otherwise your database will be hacked in less than 2 secs ;);)

For your original question : as said above, this can easily be done by doing an empty comparison on the sql query result before displaying the actual data.

Something along (in rough pseudo code):
result =sqlQuery()
if (result == empty)
DisplayErrorMessage
Else
DisplayData
:( that didn't work. If you can be a bit more precise.

About the exploit problem, goodluck to the dumb hacker that is looking for credit card details in the DB.:D
 

FaithlessDbo

Regular Member
Joined
Feb 16, 2017
Messages
283
Reaction score
129
Website
scrapetheworld.com
:( that didn't work. If you can be a bit more precise.

About the exploit problem, goodluck to the dumb hacker that is looking for credit card details in the DB.:D

It's not just that. He could drop your DB so all the stored data is gone. I would suggest for starters that you to put all the input settings into variables and then use the variables in your if then else statements.
 

Sheepp

Jr. VIP
Jr. VIP
Joined
Jan 15, 2018
Messages
894
Reaction score
550
Website
www.seowl.co
:( that didn't work. If you can be a bit more precise.

About the exploit problem, goodluck to the dumb hacker that is looking for credit card details in the DB.:D

What didn't work ? Post your code. Did you search on google ? I'm pretty sure you can find some similar code, as a database query is very common ;)

The "hacker" might not be looking for credit cards. In fact here the hole is so big that even a 12 year old could rape and delete your site database with a free automated tool, and not to get CC's but just to feel powerful ;)
 

rimvy

Regular Member
Joined
Oct 8, 2017
Messages
455
Reaction score
165
PHP:
if (mysql_num_rows($Result) == 0) {
   //results are empty, do something here
} else {
     //processing when you have some data
}

One of solutions is to check if any rows is returned.
 
Top