Wednesday, 28 January 2015

Redirect user if records are already stored


I'm creating a reservation system in which a user will enter some details for reservation e.g. Facility, Date, Time. The question is, if another user wants to reserve the same facility, date and time that has been recorded inside the database (tbl_reservation) it will redirect the user to a page (for now index.php) and the reservation made will not be recorded.


Here's my code, and it's still not working properly: the system still stores the records again and doesn't redirect to index.php. Or should I start it all over again?



// *** Redirect if reservation exists
$MM_flag = "MM_insert";
if (isset($_POST[$MM_flag])) {
    $MM_dupKeyRedirect = "index.php";
    $res_location = $_POST['res_location']; // Location_Facility
    $res_classroom = $_POST['res_classroom']; // Classroom
    $res_inclusive_date = $_POST['res_inclusive_date']; // Inclusive Date
    $res_inclusive_time_start = $_POST['res_inclusive_time_start']; // Inclusive Time

    $LoginRS__query = sprintf("SELECT Location_Faculty FROM tbl_reservation WHERE Location_Faculty=%s AND Classroom=%s AND Inclusive_Date=%s AND Inclusive_Time=%s ",
        GetSQLValueString($res_location, "text"),
        GetSQLValueString($res_classroom, "text"),
        GetSQLValueString($res_inclusive_date, "date"),
        GetSQLValueString($res_inclusive_time_start, "date"));

    mysql_select_db($database_myConnection, $myConnection);
    $LoginRS = mysql_query($LoginRS__query, $myConnection) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);

    // if there is a row in the database, the reservation was found - can not add the requested reservation
    if ($loginFoundUser) {
        $MM_qsChar = "?";
        // append the username to the redirect page
        if (substr_count($MM_dupKeyRedirect, "?") >= 1) $MM_qsChar = "&";
        $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar . "requsername=" . $res_location;
        header("Location: $MM_dupKeyRedirect");
        exit;
    }
}


The code there is SQL injection free because of the "GetSQLValueString" function. I'm looking forward to the right solution :)


God bless and thanks in advance
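
One way to enforce the rule described in the post, as an added example that is not the poster's code: a UNIQUE constraint makes the database itself reject a second reservation for the same slot, so two simultaneous requests cannot both pass a separate SELECT check, and the value echoed into the redirect URL is URL-encoded. The in-memory SQLite database, the UNIQUE index and the function name `reserve` are assumptions; table, column and form-field names are taken from the post.

```php
<?php
// Added example. PDO + in-memory SQLite so it runs stand-alone (assumption);
// table and column names follow the post, the UNIQUE index is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_reservation (
    Location_Faculty TEXT NOT NULL,
    Classroom        TEXT NOT NULL,
    Inclusive_Date   TEXT NOT NULL,
    Inclusive_Time   TEXT NOT NULL,
    UNIQUE (Location_Faculty, Classroom, Inclusive_Date, Inclusive_Time)
)');

// Hypothetical helper: returns null when the reservation was stored, or the
// redirect URL when the same facility/classroom/date/time is already taken.
function reserve(PDO $pdo, array $post, string $dupRedirect = 'index.php'): ?string
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO tbl_reservation
             (Location_Faculty, Classroom, Inclusive_Date, Inclusive_Time)
         VALUES (:loc, :room, :date, :time)'
    );
    try {
        $stmt->execute([
            ':loc'  => $post['res_location'],
            ':room' => $post['res_classroom'],
            ':date' => $post['res_inclusive_date'],
            ':time' => $post['res_inclusive_time_start'],
        ]);
        return null;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (slot taken).
        if (substr((string) $e->getCode(), 0, 2) !== '23') throw $e;
        $sep = strpos($dupRedirect, '?') === false ? '?' : '&';
        // http_build_query() URL-encodes the value, so spaces, '&' or CR/LF
        // in the form field cannot alter the Location header.
        return $dupRedirect . $sep
             . http_build_query(['requsername' => $post['res_location']]);
    }
}

// Constructed sample form data, submitted twice to show both outcomes.
$post = ['res_location' => 'Gym & Pool', 'res_classroom' => 'A1',
         'res_inclusive_date' => '2015-02-01', 'res_inclusive_time_start' => '09:00'];
foreach ([1, 2] as $attempt) {
    $url = reserve($pdo, $post);
    // In the real page: if ($url !== null) { header("Location: $url"); exit; }
    echo "attempt $attempt: ", $url === null ? 'stored' : "redirect to $url", "\n";
}
```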




