01-09-2008, 09:04 AM | #1
Jon W
Unwanted submission to the database

Alright, so here is the problem,

I have a Register form right now that I'm using to learn and get the feel for using PHP. I have an if statement to check in the database if a user has already submitted the same user, and if there is already a user with that name, it comes back false; the same goes for the email address. So here's the problem: if you, for example, type in a user name that is already in the database, it will come back with the error, but it will also submit the info that you have already typed in if all of the fields are filled in. Which means that you get two user names that are the same, plus the person's email address, so when he does go and find a name that hasn't already been used, he won't be able to use his email address because it will already be in the database. How do I fix such a problem? I've used the if(isset($_POST['submit'])) to make sure that, but it seems to ignore that script and go on through with its actions...

PHP Code:


<?php

include("db.php");
include("function.php");

if (isset($_POST['submit']))
{
    // Look for an existing account with this username
    $query = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

    $checkuser = mysql_fetch_row($query);

    if (isset($_POST['submit']) && $checkuser > 0)
    {
        $error = 'This username is already being used.';
        include("register.php");
    }

    // Look for an existing account with this email address
    $query1 = mysql_query("SELECT email FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' .mysql_error());

    $checkemail = mysql_fetch_row($query1);

    if (isset($_POST['submit']) && $checkemail > 0)
    {
        $error = 'This Email is already being used.';
        include("register.php");
    }

    // Validate the submitted fields
    if (isset($_POST['submit']) && empty($_POST['username']))
    {
        $error = 'Please fill in your username';
        include("register.php");
    }
    elseif (isset($_POST['submit']) && empty($_POST['password']))
    {
        $error = 'Please fill in a password';
        include("register.php");
    }
    elseif (isset($_POST['submit']) && $_POST['password'] != $_POST['comfirmed_password'])
    {
        $error = 'Your passwords do not match. Please retype them and try again';
        include("register.php");
    }
    elseif (isset($_POST['submit']) && empty($_POST['email']))
    {
        $error = 'Please fill in your email';
        include("register.php");
    }
    elseif (isset($_POST['submit']) && $_POST['email'] != $_POST['comfirmed_email'])
    {
        $error = 'Your emails do not match. Please retype them and try again';
        include("register.php");
    }
    else
    {
        // Create the account
        $query = mysql_query("INSERT INTO users(`id`, `username`, `password`, `email`, `random_key`) VALUES('', '".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string(md5($_POST['password']))."', '".mysql_real_escape_string($_POST['email'])."', '".random_string('alnum', 32)."')") or die('Database error: ' .mysql_error());

        // Read the new row back to build the confirmation email
        $getuser = mysql_query("SELECT id, username, email, random_key FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

        if (mysql_num_rows($getuser) == 1)
        {
            $row = mysql_fetch_assoc($getuser);

            $header = "From: TopGameHQ";
            $subject = "Account Registerion";

            // Plain-text mail, so the query string uses a bare & rather than &amp;
            $message = "Dear ".$row['username'].",\r\n\r\n Your account is almost actived. To finish your activeion, please click this link: http://topgamehq.com/learn/comfirm.php?id=".$row['id']."&key=".$row['random_key']."\r\n\r\n Thank you for joining TopGameHQ!";

            if (mail($row['email'], $subject, $message, $header))
            {
                $msg = '<fieldset style="width:500px; height:100px;"><legend>Comfirm email</legend>Account was created. Please login to your email and comfirme your account.</fieldset>';

?>
      
      <html>
<head><title>TopGameHQ - Register</title>

<style type="text/css">

body { background-color:#000000;
margin-top:6px;
}

.main_table_border {
border: 1px solid #FF6600;
}

.input_table {
font-size:12px;
font-style:normal;
color:#000000;
}

fieldset {
border: 1px solid #FF6600;
}

.input {
border: 1px solid #FF6600;
font-size:12px;
font-weight:bold;
font-style:normal;
font-family:inherit;
}

</style></head>
   <body>
   
 <table width="750" align="center" cellpadding="0" cellspacing="0" class="main_table_border">
   <tr>
      <td align="center" valign="top" height="800" bgcolor="#FFFFFF">  
   
   <table width="750" align="center" cellpadding="0" cellspacing="0" bgcolor="#FF6600">
    <tr>
       <td height="70" align="center" valign="midddle"><span class="header">TopGameHQ - Register</span></td>
    </tr>   
   </table>
   
    <table width="700" align="center" cellpadding="0" cellspacing="0" class="input_table">
  <tr>
    <td>&nbsp;</td>
  </tr>   
    <tr>
     <td align="center" valign="top"><?php echo($msg); ?></td>
    </tr>
  
  </table>
  </td></tr>
  </table>
  </body>
  </html>
  
<?php
            }
            else
            {
                $error = 'We created your account, but failed to send a email out';
            }
        }
    }
}
?>
I'm sure it's something easy that I'm overlooking. But with me not having that much knowledge and seeing that I'm still in the process of learning, it's hard for me to find these errors.

Thanks for your help
Jon W
01-09-2008, 10:26 AM | #2
Jon W
I figured it out I think. For the checkuser and checkemail I put:

PHP Code:

$query = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

$checkuser = mysql_fetch_row($query);

if (isset($_POST['submit']) && $checkuser > 0)
{
    $error = 'This username is already being used.';
    include("register.php");
    return false;
}

$query1 = mysql_query("SELECT email FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' .mysql_error());

$checkemail = mysql_fetch_row($query1);

if (isset($_POST['submit']) && $checkemail > 0)
{
    $error = 'This Email is already being used.';
    include("register.php");
    return false;
}

Notice that I put 'Return false'. I don't know if this is the right way I should do it or not, but it works. lol

If you have any suggestions or comments on this, please give me as much feedback as you want. Any info helps!

Thanks
Jon W
01-09-2008, 03:29 PM | #3
aedrin
The return 'function' is in most cases used for 1) returning a value from a function or sometimes (rarely) used to 2) return a value from an include. You don't need to use return in this situation, because PHP does not expect a result out of the main script.

This code is a good candidate however to be put into a function. Look up the syntax on PHP functions and try implementing it.

As for your technique.

PHP Code:
$checkuser = mysql_fetch_row($query);

if (isset($_POST['submit']) && $checkuser > 0)

It is more logical/efficient to check in this way:

PHP Code:
if (isset($_POST['submit'])) {
    $result = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());
    if (mysql_num_rows($result) > 0) {
        $error = 'This username is already being used.';
        include("register.php");
        return false;
    }
    // repeat for email
}

What is contained in register.php? The registration form?

You probably should be setting it up a little differently.

Code:
if form was submitted
    // perform other checks
    if username is taken
         error = 'username is taken'
    if email is taken
         error = 'email is taken'

if not submitted or error exists then
    display form
else
    display thank you
EDIT: Didn't read your initial post fully.

Last edited by aedrin; 01-09-2008 at 03:35 PM..
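
The flow outlined in the reply above (collect errors first, insert only when there are none), as an added example that is not part of the thread. It goes beyond the thread by using PDO prepared statements, password_hash() in place of md5(), and UNIQUE constraints so that two simultaneous submissions cannot both pass the SELECT check and insert. Assumes PHP 7+ with pdo_sqlite; the table layout, the register() function and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table layout and sample
// submissions are constructed; SQLite in memory keeps it self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL)');

// Returns a list of error messages; an empty list means the row was inserted.
function register(PDO $db, array $post): array
{
    $errors = [];
    foreach (['username', 'password', 'email'] as $field) {
        if (empty($post[$field])) {
            $errors[] = "Please fill in your $field";
        }
    }
    if (($post['password'] ?? '') !== ($post['comfirmed_password'] ?? '')) {
        $errors[] = 'Your passwords do not match';
    }
    // Friendly pre-checks. Column names come from this fixed list, never from input.
    foreach (['username', 'email'] as $col) {
        $stmt = $db->prepare("SELECT 1 FROM users WHERE $col = ?");
        $stmt->execute([$post[$col] ?? '']);
        if ($stmt->fetchColumn() !== false) {
            $errors[] = "This $col is already being used.";
        }
    }
    if ($errors) { return $errors; }   // never reach the INSERT with errors pending
    try {
        $ins = $db->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
        $ins->execute([$post['username'], $post['email'],
                       password_hash($post['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // Another request inserted the same value between our SELECT and INSERT;
        // the UNIQUE constraint is what actually guarantees no duplicates.
        if ((string) $e->getCode() !== '23000') { throw $e; }
        $errors[] = 'This username or email is already being used.';
    }
    return $errors;
}

$sample = ['username' => 'jon', 'email' => 'jon@example.com',
           'password' => 'pw-1', 'comfirmed_password' => 'pw-1'];
var_dump(register($db, $sample));                          // first attempt
var_dump(register($db, ['username' => 'jon2'] + $sample)); // new name, same email
```

The calling page would display the form again whenever the returned list is non-empty and the thank-you page otherwise.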