Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
konfused

Stop Duplicate Email Entries

Recommended Posts

The registration page containing the following code works fine except for one irritating fault.

The lines commented in capital letters in the following code are supposed to stop duplicate email entries but they don't. Can you spot the mistake please?

<?php
require ('mysqli_connect.php'); // Connect to the database.
// This code inserts a record into the users table
// Has the form been submitted?
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	$errors = array(); // Start an array to hold the errors
	// Check for a title:
	if (empty($_POST['title'])) {
		$errors[] = 'You forgot to enter your title.';
	} else {
		$title = mysqli_real_escape_string($dbcon, trim($_POST['title']));
	}
	// Check for a first name:
	if (empty($_POST['fname'])) {
		$errors[] = 'You forgot to enter your first name.';
	} else {
			$fn = mysqli_real_escape_string($dbcon, trim($_POST['fname']));
	}
	// Check for a last name:
	if (empty($_POST['lname'])) {
		$errors[] = 'You forgot to enter your last name.';
	} else {
		$ln = mysqli_real_escape_string($dbcon, trim($_POST['lname']));
	}
	// Check for an email address:
	if (empty($_POST['email'])) {
		$errors[] = 'You forgot to enter your email address.';
	} else {
		$e = trim($_POST['email']);
	}
	// Check for a password and match it against the confirmed password:
	if (!empty($_POST['psword1'])) {
		if ($_POST['psword1'] != $_POST['psword2']) {
			$errors[] = 'Your two passwords did not match.';
		} else {
			$p = mysqli_real_escape_string($dbcon, trim($_POST['psword1']));
		}
	} else {
		$errors[] = 'You forgot to enter your password.';
	}
	if (empty($_POST['uname'])) {
		$errors[] = 'You forgot to enter your secret username.';
	} else {
		$uname = trim($_POST['uname']);
	}
// Check for an membership class
	if (empty($_POST['class'])) {
		$errors[] = 'You forgot to choose your membership class.';
	} else {
		$class = trim($_POST['class']);
	}
	// Check for address1:
	if (empty($_POST['addr1'])) {
		$errors[] = 'You forgot to enter your address.';
	} else {
		$ad1 = mysqli_real_escape_string($dbcon, trim($_POST['addr1']));
	}
	// Check for address2:
		if (!empty($_POST['addr2'])) {
		$ad2 = mysqli_real_escape_string($dbcon, trim($_POST['addr2']));
}else{
$ad2 = NULL;
	}
	// Check for city:
	if (empty($_POST['city'])) {
		$errors[] = 'You forgot to enter your City.';
	} else {
		$cty = mysqli_real_escape_string($dbcon, trim($_POST['city']));
	}
// Check for the county:
	if (empty($_POST['county'])) {
		$errors[] = 'You forgot to enter your county.';
	} else {
		$cnty = mysqli_real_escape_string($dbcon, trim($_POST['county']));
	}	
	// Check for the post code:
	if (empty($_POST['pcode'])) {
		$errors[] = 'You forgot to enter your post code.';
	} else {
		$pcode = mysqli_real_escape_string($dbcon, trim($_POST['pcode']));
	}
	// Check for the phone number:
		if (!empty($_POST['phone'])) {
		$ph = mysqli_real_escape_string($dbcon, trim($_POST['phone']));
}else{
$ph = NULL;
	}
	if (empty($errors)) { // If everything is OK
//DETERMINE WHETHER THE EMAIL ADDRESS HAS ALREADY BEEN REGISTERED	
$q = "SELECT user_id FROM users WHERE email = '$e'";
		$result = mysqli_query ($dbcon, $q);
if (mysqli_num_rows($result) == 0){//The mail address has not been registered already therefore...	
// Register the user in the users table
		$q = "INSERT INTO users (user_id, title, fname, lname, email, psword, registration_date, uname, class, addr1, addr2, city, county, pcode, phone, paid) VALUES (' ', '$title', '$fn', '$ln', '$e', SHA1('$p'), NOW(), '$uname', '$class', '$ad1', '$ad2', '$cty', '$cnty', '$pcode', '$ph', '$pd' )";		
		$result = @mysqli_query ($dbcon, $q); // Run the query.
		if ($result) { // If it ran OK.
		header ("location: register-thanks.php"); 
		exit();
		} else { // If it did not run OK
		// Error message:
			echo '<h2>System Error</h2>
			<p class="error">Registration failed because of a system error. We apologize for the inconvenience.</p>'; 
			// Debugging message:
			echo '<p>' . mysqli_error($dbcon) . '<br><br>Query: ' . $q . '</p>';
		} // End of if ($result)
		mysqli_close($dbcon); // Close the database connection
		// Include the footer and stop the script
		include ('footer.php'); 
		exit();
}else{//IF THE EMAIL ADDRESS IS ALREADY REGISTERED
echo '<p class="error">The email address is not acceptable because it is already registered</p>';
}
	} else { // Report the errors.
		echo '<h2>Error!</h2>
		<p class="error">The following error(s) occurred:<br>';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br>\n";
		}
		echo '</p><h3>Please try again.</h3><p><br></p>';
		}// End of if (empty($errors))
} // End of the main Submit conditional.
?>

Share this post


Link to post
Share on other sites

Hello again Antonio

I am not sending an email. The code is part of a user registration page. The two blocks of code (preceded by comments in capitals) are supposed to check whether the email address being registered is already in the database table. It should avoid the possibility of entering duplicate email addresses into the database table. Unfortunately it allows duplicates and I can't see why..

Share this post


Link to post
Share on other sites

I would start with the standard PHP-MySQL debugging technique: print out the query being run and run it using another interface. Specifically I would run the SELECT user_id query to see what those results are. There's nothing obvious (to me) in your code that's wrong.

Share this post


Link to post
Share on other sites

I am not sure what is wrong either but here are some suggestions of things to have a second look at:

 

See at the end of your code, an extra bracket looks out of place and I wonder is it messing things up?

	exit();
}else{//IF THE EMAIL ADDRESS IS ALREADY REGISTERED
echo '<p class="error">The email address is not acceptable because it is already registered</p>';
}
	}

Another security issue consider is lack of filtering of the email variable although I don't think this is your current problem

(you didn't use real escape string function here)

	// Check for an email address:
	if (empty($_POST['email'])) {
		$errors[] = 'You forgot to enter your email address.';
	} else {
		$e = trim($_POST['email']);
	}

And finally, it could really help to follow Larry's advice and see what the query is.

To help that, you could temporarily remove the header and exit functions yourself so the data is echoed to the page and you can see it without the page moving off somewhere else.

Perhaps something along these lines:

	if (empty($errors)) { // If everything is OK

//DETERMINE WHETHER THE EMAIL ADDRESS HAS ALREADY BEEN REGISTERED	

$q = "SELECT user_id FROM users WHERE email = '$e'";

		$result = mysqli_query ($dbcon, $q);


echo '<h1>'; // TEMPORARY TO SEE QUERY - remove this line later
echo $q; // TEMPORARY TO SEE QUERY - run this query in phpmyadmin and remove this line later
echo '</h1>'; // TEMPORARY TO SEE QUERY - remove this line later
 
if (mysqli_num_rows($result) == 0){//The mail address has not been registered already therefore...	

// Register the user in the users table

		$q = "INSERT INTO users (user_id, title, fname, lname, email, psword, registration_date, uname, class, addr1, addr2, city, county, pcode, phone, paid) VALUES (' ', '$title', '$fn', '$ln', '$e', SHA1('$p'), NOW(), '$uname', '$class', '$ad1', '$ad2', '$cty', '$cnty', '$pcode', '$ph', '$pd' )";
		
		$result = @mysqli_query ($dbcon, $q); // Run the query.

		if ($result) { // If it ran OK.
		header ("location: register-thanks.php"); 
		exit();
		} else { // If it did not run OK
		// Error message:
			echo '<h2>System Error</h2>
			<p class="error">Registration failed because of a system error. We apologize for the inconvenience.</p>'; 
			// Debugging message:
			echo '<p>' . mysqli_error($dbcon) . '<br><br>Query: ' . $q . '</p>';
		} // End of if ($result)
		mysqli_close($dbcon); // Close the database connection
		// Include the footer and stop the script
		include ('footer.php'); 
		exit();
}
else
{
//IF THE EMAIL ADDRESS IS ALREADY REGISTERED
echo '<p class="error">The email address is not acceptable because it is already registered</p>';
		echo '<h2>Error!</h2>
		<p class="error">The following error(s) occurred:<br>';
foreach ($errors as $msg)
 {
 // Print each error.
			echo " - $msg<br>\n";
}
		
echo '</p><h3>Please try again.</h3><p><br></p>';

}// End of if (empty($errors))

}
  • Upvote 1

Share this post


Link to post
Share on other sites

Many thanks Larry and StephenM

 

When you both reassured me that the code I posted was correct, I deduced that there must be a difference between the code I posted and the test file I was using. Sure enough, instead of $q = "SELECT ; I had written Sq = "SELECT; The difference between a dollar sign and a capital S made all the difference. Thanks for pointing me in the right direction, all is well now.

Best wishes

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...