0

this is my coding. I want to check the duplicate data. If duplicate data exists, the alert will pop-out, but once I click on OK, it will go to a blank page and cannot return to the form. How to make it pop-out an alert but without refresh the page?

<?php

include "db_con.php";
if (isset($_POST['edit_appt'])) {
    $appointment_id = $_POST['appointment_id'];
    $job_number = $_POST['job_number'];
    $technician_id = $_POST['technician_id'];
    $appointment_date = $_POST['appointment_date'];
    $appointment_time = $_POST['appointment_time'];

    $query = "SELECT * FROM appointment WHERE technician_id='$technician_id' && appointment_date='$appointment_date' && appointment_time='$appointment_time';";
    $result = mysqli_query($con, $query);
    if (mysqli_num_rows($result) == 1) {
        echo "<script>alert('Technician is unavailable! Please select another technician!!')</script>";
    } else {
        $query2 = "UPDATE appointment SET technician_id='$technician_id' WHERE appointment_id='$appointment_id'";
        $result2 = mysqli_query($con, $query2);
        if ($result2) {
            $query1 = "UPDATE reparation SET technician_id='$technician_id',notification_status='unread' WHERE job_number='$job_number'";
            $result1 = mysqli_query($con, $query1);
            if ($result1) {
                echo "<script>alert('Updated!')</script>";
                echo "<script>window.open('admin_appt.php','_self')</script>";
            }
        }
    }
}
Mikhail Prosalov
  • 3,493
  • 3
  • 23
  • 34
Maymay
  • 3
  • 1
  • 1
    Hello and welcome to SO! Please read the [tour](https://stackoverflow.com/tour), and [How do I ask a good question?](https://stackoverflow.com/help/how-to-ask) Please also read [How to create a Minimal, Reproducible Example](https://stackoverflow.com/help/minimal-reproducible-example). For example is there any issue with this code? If so, what is the issue? – Tomer Shetah Dec 27 '20 at 11:12
  • And see about sql injection and the importance of prepared and bound queries – Strawberry Dec 27 '20 at 11:15
  • This is not a question about `php`, but about `javascript`, since that is the language you are using for the client side popup. – arkascha Dec 27 '20 at 13:32

1 Answers1

0

One of the solutions is to do a javascript redirection.

Try changing

echo "<script>alert('Technician is unavailable! Please select another technician!!')</script>";

to

echo "<script>alert('Technician is unavailable! Please select another technician!!'); history.go(-1);</script>";

Please also consider using parameterized prepared statement to avoid SQL injection, as Strawberry has mentioned. (you may refer to this: How can prepared statements protect from SQL injection attacks?)

Ken Lee
  • 2,537
  • 2
  • 4
  • 21
  • Hi, how can do a javascript redirection? I'm a new learner. – Maymay Dec 27 '20 at 17:07
  • please use the codes in my answer, it has "history.go(-1)" (redirection) – Ken Lee Dec 27 '20 at 17:10
  • It worked! Thank you! – Maymay Dec 27 '20 at 17:13
  • Good to know that you fixed the problem. Please mark this question as "answered" so we can close it. Thanks – Ken Lee Dec 27 '20 at 17:14
  • Hi, for the prepared statement, can u give me an example based on my coding? Because I don't quite understand. – Maymay Dec 27 '20 at 17:18
  • https://www.php.net/manual/en/pdo.prepare.php (see example 1 and example 2). – Ken Lee Dec 27 '20 at 17:22
  • Actually your codes can work, but if a skilled hacker tries to hack your site , he/she may hack into your site thru SQL injection if you use your current codes . But if you change your codes to PDO prepared statements, you can avoid this hacker from hacking into your site thru SQL injection. HOWEVER, the hacker can still use other means to hack into your site (such as system vulnerabilities, etc.), but this is another story. – Ken Lee Dec 27 '20 at 17:26
  • Thank you! I will try to learn PDO prepared statements. – Maymay Dec 27 '20 at 17:27
  • You are welcome.Have a nice day and let's look forward to a better year (2021) – Ken Lee Dec 27 '20 at 17:29