Few things i need help with please! - Webmaster Forum - Web Design, Programming and SEO forums

05-12-2008, 06:17 PM

JamieH

Status: I love this place
Join date: Jan 2006
Location:
Expertise:
Software:

Posts: 533

iTrader: 10 / 100%

JamieH is on a distinguished road

Few things i need help with please!

I want to be able someone to use my signup form.. but if they type an email that already exists in my database i want to be able to send them an error,

i assume i'll be using the "if" command, i'll be using some kind of code like this i take it?:

Code:

<?php

if ($_POST[teamname] = somecode here)
    echo "The email you chose to signup with already exists! Please choose another!";

?>

What code would i put after the if ($_POST[email] = ???????)

and what is the best way to use an error on the same page?

If someone could help i'd be more than happy to give +REP.

Many thanks,
Jamie

05-12-2008, 06:25 PM

JamieH

Status: I love this place
Join date: Jan 2006
Location:
Expertise:
Software:

Posts: 533

iTrader: 10 / 100%

JamieH is on a distinguished road

Sorry for double post.

Would i possibly assign a variable to the mysql code and then just do:

Code:

<?php

$samemail = mysql code here

if ($POST_[email] == $samemail)
    echo "Same email!!!"
else
    echo "Signup created!!"

?>

how would i correctly place the mysql code into the variable though?

Many thanks,
Jamie

05-12-2008, 07:01 PM

Jeff Andersen

Status: Superstar
Join date: Apr 2005
Location:
Expertise:
Software:

Posts: 4,449

iTrader: 10 / 100%

Jeff Andersen is on a distinguished road

The way I normally approach it is this:

$email = mysql_query("SELECT * FROM wherever WHERE email='$email'") or die(mysql_error());
$count = mysql_num_rows($email);

if ($count > 0):

echo "No sir, you cannot register";

else:

echo "Yay! Signed up!";

endif;

05-12-2008, 07:29 PM

JulesR

Status: Member
Join date: Apr 2008
Location:
Expertise:
Software:

Posts: 129

iTrader: 0 / 0%

JulesR is on a distinguished road

As an example:

PHP Code:


			
<?php

if (mysql_num_rows(mysql_query("SELECT email FROM users WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'")) > 0) {

echo "That e-mail address already exists within the database";

}

else {

// E-mail address is unique, so set the account up....

}

?>

Some notes:

1. It's completely unnecessary to select all data (SELECT *) unless you absolutely NEED all the information or at least most of it. This is a bad habit to get into. If you're simply doing a validation you only need to SELECT a single field, because the actual validation check isn't performed on any of the retrieved content - thus retrieving it all is pointless and slower.
2. Make sure you sanitise and escape all user input. No user input can be trusted, so use functions like strip_tags and the all important mysql_real_escape_string to make your queries safe.
3. If your database is going to grow fairly large, remember to index the e-mail address field to increase performance.

05-12-2008, 08:52 PM

JamieH

Status: I love this place
Join date: Jan 2006
Location:
Expertise:
Software:

Posts: 533

iTrader: 10 / 100%

JamieH is on a distinguished road

This is brilliant input thank you gents.

Is there any chance you can give me some specific links to where i can learn how to secure my forms etc please?

Is it just a simple search in google or is there "a best link" for it?

Many thanks,

Jamie

05-12-2008, 09:16 PM

JamieH

Status: I love this place
Join date: Jan 2006
Location:
Expertise:
Software:

Posts: 533

iTrader: 10 / 100%

JamieH is on a distinguished road

Also is there a simple way of using variables from different files in the same directory without using the "include file.." code?

Thanks.

(btw the +rep isn't workingas of yet. I will add it though.)

Jamie