I have a sports games picks application that goes by weeks. Right now if you pick a week that you already picked I get a php error. Instead of that I would like to just display a message to the user saying you have already picked for this week.
Heres the error that I get when I pick for the same week
ERROR: duplicate key value violates unique constraint "user_record_pkey"
DETAIL: Key (username, week_no)=(john, 1) already exists
Heres my code
<?php
session_start();
require_once("dbconnect.php");
$flag = 0;
$row = 1;
// $weekest = $_POST['weekNum'];
$result3 = pg_query($conn, 'INSERT INTO demo.user_record VALUES (\''.$_SESSION['username'].'\','.$_POST['weekNum'].',0,0)') or die(pg_last_error());
//echo $_POST['picks0'];
//echo $_POST['picks1'];
for($row=1;$row<=$_POST['numPicks'];$row++){
$pickName = "picks" . $row;
echo $pickName;
if($_POST[$pickName] == "picks$row")
{
$pick = $_POST['Tname'.$flag];
$flag+=2;
}
else
{
$flag++;
$pick = $_POST['Tname' . $flag];
$flag++;
}
//echo "error2";
$result2 = pg_prepare($conn, "myquery".$row, 'INSERT INTO demo.user_picks VALUES ($1,$2,$3,$4)') or die(pg_last_error());
$result2 = pg_execute($conn, "myquery".$row, array($_SESSION['username'],$_POST['weekNum'], $row, $pick)) or die(pg_last_error());
echo "finished";
}
?>
First, the function pg_query() returns FALSE on error. You need to check for that. There are code examples in the linked documentation.
Second, your code is prone to SQL injection. You shouldn't use pg_query() for this kind of problem. You should use pg_query_params() instead. (Same link. Search for "String interpolation of user-supplied data is extremely dangerous".)