-1

I have two tables with 1 identical data column for comparison.

One table "species" is a wide list of species and each data row has one unique id called "suid" add. to its primary id as usual. The second table "printpipe" is a shopping cart for printouts and each row has the suid from the species and a unique personal id from the user "guid".

Now I want to get all rows from "species" having empty field "stockimg" and not "noimage.png" in field "stockimg" AND do not exist in table "printpipe" with same suid AND having memb_guid identical to users guid I have as variable $guid

My query I tried is:

$get_allspecies = $mysqli->query("SELECT * FROM  species WHERE stockimg <> 'noimage.png' AND stockimg <> '' AND NOT EXISTS (SELECT * FROM printpipe WHERE printpipe.suid = species.suid AND memb_guid = '$guid') ORDER BY name_sc, name_de");

But it doesn't work. What am I doing wrong?

Improve this question
2
  • I forgot to tell that it is to list all data sets not being already in shopping cart Commented Feb 21, 2021 at 14:00
  • Please consider following these suggestions. Commented Feb 21, 2021 at 15:20

2 Answers 2

Reset to default
0

Thank you for your reply. I further investigated more in this yesterday and got this solution:

SELECT * FROM species WHERE stockimg <> 'noimage.png' AND stockimg <> '' AND suid NOT IN (SELECT suid FROM printpipe WHERE memb_guid = '$guid') ORDER BY name_sc, name_de

this worked for me. "noimage.png" is an image file showing a dummy image in case no corresponding image has already been uploaded. To be sure also empty fields are handled i have also exclaimed them. So only fields with images are taken. And they needed to be compared with the other table printpipe where suid is also used and so can be compared. So now if the user has the species already in his printpipe (cart) the species is not shown in the other list (catalogue) anymore to be chosen for the shopping cart for printsenter image description here

Improve this answer
-1

You should use LEFT JOIN for this which will take all the records from the table of the left hand side of the JOIN. Then you can use a WHERE clause to filter out anything but the species not in printpipe. It'll make the code a lot simpler, like so:

SELECT S.*
FROM species S
LEFT JOIN printpipe P
    ON S.suid = P.suid
WHERE 
    S.memb_guid = '$guid' -- Member GUID
    AND S.stockimg <> '' -- Not empty
    AND S.stockimg <> 'noimage.png' -- Not noimage.png
    AND P.suid IS NULL -- Doesn't exist in printpipe
ORDER BY S.name_sc, S.name_de

This assumes the memb_guid field is part of the species table (otherwise if it's part of the printpipe table it's not possible to get records that don't exist in printpipe for a specific value in printpipe).

Also your post says "having empty field "stockimg"" but your query does not empty field stockimg. I assumed your post had a typo and you really meant not empty.

Note for anyone who cares about security in addition to the logical and syntactical answer to this question, using inline variables as part of a SQL string (such as in OP's example) are susceptible to SQL injections. There are alternative ways to leverage variables as part of the query instead.

Improve this answer
6
  • this is insecure as it i s vulnerable to sql injection. Commented Feb 21, 2021 at 15:20
  • @nbk No it's not because it is just a raw query. If OP uses it in such a way that is insecure, sure that's possible, but that's outside the context of my answer. You're welcome to comment on OP's original post which may be an insecure way of running a SQL query, but you shouldn't downvote my answer which isn't the same as OP's usage of his query. Commented Feb 21, 2021 at 16:21
  • every unsecure Answer will be downvoted, as the insecurity is not mentioned or corrected Commented Feb 21, 2021 at 16:54
  • @nbk Sorry but that just doesn't make sense, you are incorrect. It's only insecure if used in an insecure way, it is not insecure as a query in itself, such as if it was manually ran in MySQL Workbench. One could argue any query is insecure and be downvoted based on the loose criteria you're using. Not to mention, SQL injection vulnerabilities is irrelevant to OP's question, but you certainly can inform OP on better practices as a sidenote, as I mentioned. Commented Feb 21, 2021 at 18:22
  • No, sql injection comes mostly because inexperienced user copy code from high rep users, so it is their duty to help to prevent this. Commented Feb 21, 2021 at 18:27

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.