  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Unwanted submission to the database

    Alright, so here is the problem,

    I have a Register form right now that I'm using to learn and get the feel for using PHP. I have an if statement to check in the database if a user has already submitted the same user, and if there is already a user with that name, it comes back false; the same goes for the email address. So here's the problem: if you, for example, type in a username that is already in the database, it will come back with the error, but it will also submit the info that you have already typed in if all of the fields are filled in. Which means that you get two usernames that are the same and the person's email address, so when he does go and find a name that hasn't already been used, he won't be able to use his email address because it will already be in the database. How do I fix such a problem? I've used the if(isset($_POST['submit'])) to make sure of that, but it seems to ignore that script and go on through with its actions...

    PHP Code:


    <?php

    include("db.php");
    include("function.php");

    if (isset($_POST['submit']))
    {
        // Look up the submitted username
        $query = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

        $checkuser = mysql_fetch_row($query);

        if (isset($_POST['submit']) && $checkuser > 0)
        {
            $error = 'This username is already being used.';
            include("register.php");
        }

        // Look up the submitted email address
        $query1 = mysql_query("SELECT email FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' .mysql_error());

        $checkemail = mysql_fetch_row($query1);

        if (isset($_POST['submit']) && $checkemail > 0)
        {
            $error = 'This Email is already being used.';
            include("register.php");
        }

        // Field validation
        if (isset($_POST['submit']) && empty($_POST['username']))
        {
            $error = 'Please fill in your username';
            include("register.php");
        }
        elseif (isset($_POST['submit']) && empty($_POST['password']))
        {
            $error = 'Please fill in a password';
            include("register.php");
        }
        elseif (isset($_POST['submit']) && $_POST['password'] != $_POST['comfirmed_password'])
        {
            $error = 'Your passwords do not match. Please retype them and try again';
            include("register.php");
        }
        elseif (isset($_POST['submit']) && empty($_POST['email']))
        {
            $error = 'Please fill in your email';
            include("register.php");
        }
        elseif (isset($_POST['submit']) && $_POST['email'] != $_POST['comfirmed_email'])
        {
            $error = 'Your emails do not match. Please retype them and try again';
            include("register.php");
        }
        else
        {
            // Create the account
            $query = mysql_query("INSERT INTO users(`id`, `username`, `password`, `email`, `random_key`) VALUES('', '".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string(md5($_POST['password']))."', '".mysql_real_escape_string($_POST['email'])."', '".random_string('alnum', 32)."')") or die('Database error: ' .mysql_error());

            $getuser = mysql_query("SELECT id, username, email, random_key FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

            if (mysql_num_rows($getuser) == 1)
            {
                $row = mysql_fetch_assoc($getuser);

                // Send the activation email
                $header = "From: TopGameHQ";
                $subject = "Account Registerion";
                $message = "Dear ".$row['username'].",\r\n\r\n Your account is almost actived. To finish your activeion, please click this link: http://topgamehq.com/learn/comfirm.php?id=".$row['id']."&amp;key=".$row['random_key']."\r\n\r\n Thank you for joining TopGameHQ!";

                if (mail($row['email'], $subject, $message, $header))
                {
                    $msg = '<fieldset style="width:500px; height:100px;"><legend>Comfirm email</legend>Account was created. Please login to your email and comfirme your account.</fieldset>';
    ?>
          
          <html>
    <head><title>TopGameHQ - Register</title>

    <style type="text/css">

    body { background-color:#000000;
    margin-top:6px;
    }

    .main_table_border {
    border: 1px solid #FF6600;
    }

    .input_table {
    font-size:12px;
    font-style:normal;
    color:#000000;
    }

    fieldset {
    border: 1px solid #FF6600;
    }

    .input {
    border: 1px solid #FF6600;
    font-size:12px;
    font-weight:bold;
    font-style:normal;
    font-family:inherit;
    }

    </style></head>
       <body>
       
     <table width="750" align="center" cellpadding="0" cellspacing="0" class="main_table_border">
       <tr>
          <td align="center" valign="top" height="800" bgcolor="#FFFFFF">  
       
       <table width="750" align="center" cellpadding="0" cellspacing="0" bgcolor="#FF6600">
        <tr>
           <td height="70" align="center" valign="middle"><span class="header">TopGameHQ - Register</span></td>
        </tr>   
       </table>
       
        <table width="700" align="center" cellpadding="0" cellspacing="0" class="input_table">
      <tr>
        <td>&nbsp;</td>
      </tr>   
        <tr>
         <td align="center" valign="top"><?php echo($msg); ?></td>
        </tr>
      
      </table>
      </td></tr>
      </table>
      </body>
      </html>
      
      <?php
                }
                else
                {
                    $error = 'We created your account, but failed to send a email out';
                }
            }
        }
    }
    ?>
    I'm sure it's something easy that I'm overlooking. But with me not having that much knowledge and seeing that I'm still in the process of learning, it's hard for me to find these errors.

    Thanks for your help
    Jon W

  • #2
    Regular Coder
    Join Date
    Jan 2008
    Posts
    334
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I figured it out I think. For the checkuser and checkemail I put:

    PHP Code:

    $query = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());

    $checkuser = mysql_fetch_row($query);

    if (isset($_POST['submit']) && $checkuser > 0)
    {
        $error = 'This username is already being used.';
        include("register.php");
        return false;
    }

    $query1 = mysql_query("SELECT email FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die('Database error: ' .mysql_error());

    $checkemail = mysql_fetch_row($query1);

    if (isset($_POST['submit']) && $checkemail > 0)
    {
        $error = 'This Email is already being used.';
        include("register.php");
        return false;
    }

    Notice that I put 'Return false'. I don't know if this is the right way I should do it or not, but it works. lol

    If you have any suggestions or comments on this, please give me as much feedback as you want. Any info helps!

    Thanks
    Jon W

  • #3
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    The return 'function' is in most cases used for 1) returning a value from a function or sometimes (rarely) used to 2) return a value from an include. You don't need to use return in this situation, because PHP does not expect a result out of the main script.

    This code is a good candidate however to be put into a function. Look up the syntax on PHP functions and try implementing it.

    As for your technique.

    PHP Code:
    $checkuser = mysql_fetch_row($query);

    if (isset($_POST['submit']) && $checkuser > 0)
    It is more logical/efficient to check in this way:

    PHP Code:
    if (isset($_POST['submit'])) {
        $result = mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."'") or die('Database error: ' .mysql_error());
        if (mysql_num_rows($result) > 0) {
            $error = 'This username is already being used.';
            include("register.php");
            return false;
        }
        // repeat for email
    }

    What is contained in register.php? The registration form?

    You probably should be setting it up a little differently.

    Code:
    if form was submitted
        // perform other checks
        if username is taken
             error = 'username is taken'
        if email is taken
             error = 'email is taken'
    
    if not submitted or error exists then
        display form
    else
        display thank you
    EDIT: Didn't read your initial post fully.
    Last edited by aedrin; 01-09-2008 at 04:35 PM.
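
The flow from the pseudocode in post #3 (run every check, insert only when none failed), as an added example that is not part of the thread. It swaps in PDO prepared statements and password_hash() for the thread's mysql_* calls and md5(), and assumes PHP 7+ with pdo_sqlite; the function name register_user and the in-memory table are hypothetical stand-ins for the thread's script and `users` table.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ with pdo_sqlite;
// the in-memory table stands in for the thread's `users` table.
function register_user(PDO $db, array $post): array
{
    $errors = [];
    // 1. Run every check first; none of them writes to the database.
    foreach (['username', 'password', 'email'] as $field) {
        if (empty($post[$field])) {
            $errors[] = "Please fill in your $field";
        }
    }
    if (($post['password'] ?? '') !== ($post['comfirmed_password'] ?? '')) {
        $errors[] = 'Your passwords do not match.';
    }
    foreach (['username', 'email'] as $col) {  // fixed column names, never user input
        $st = $db->prepare("SELECT COUNT(*) FROM users WHERE $col = ?");
        $st->execute([$post[$col] ?? '']);
        if ($st->fetchColumn() > 0) {
            $errors[] = "This $col is already being used.";
        }
    }
    // 2. Insert only when no check failed.
    if (!$errors) {
        try {
            $st = $db->prepare(
                'INSERT INTO users (username, password, email, random_key) VALUES (?, ?, ?, ?)');
            $st->execute([$post['username'], password_hash($post['password'], PASSWORD_DEFAULT),
                          $post['email'], bin2hex(random_bytes(16))]);
        } catch (PDOException $e) {
            if ($e->getCode() != '23000') throw $e;  // not an integrity violation
            // The UNIQUE constraint rejected a duplicate created between check and insert.
            $errors[] = 'This username or email is already being used.';
        }
    }
    return $errors;  // empty: show the thank-you page; otherwise re-display the form
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, email TEXT UNIQUE, random_key TEXT)');

// Constructed sample submissions.
$form = ['username' => 'jon', 'password' => 'pw', 'comfirmed_password' => 'pw', 'email' => 'jon@example.com'];
var_dump(register_user($db, $form));      // new username and email
$form['email'] = 'other@example.com';
var_dump(register_user($db, $form));      // same username, different email
var_dump($db->query('SELECT COUNT(*) FROM users')->fetchColumn());  // rows stored after both attempts
```

The UNIQUE columns matter as much as the control flow: two simultaneous submissions can both pass the SELECT checks, and only the constraint stops the second INSERT.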

