0

I am a newbie in PHP and i am trying to create a system where user will add firstname, lastname and email address. Basically what i am trying to do is verify if the e-mail already exists in database or not.

Have been working for hours but it doesn't work. But when i try to verify the firstname and lastname they both works.

But with email field ... the code cannot compare that there are duplicate values. There are lot of duplicate email Id in the database but the code ignores that and inserts the value :/. Meanwhile if i try verifying for duplicate firstname and lastname it works

Any help please :(

$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
$firstname= stripslashes($firstname);
$lastname= stripslashes($lastname);
$email= stripslashes($email);
$host="localhost";
$user="root";
$pass="";
$db="site";
$link=mysql_connect($host,$user,$pass);
mysql_select_db($db,$link);
$test="SELECT * FROM email_list WHERE email = '$email' ";   

$select=mysql_query($test);
if(mysql_num_rows($select)>0)       
{
    echo "Email already exists".$email."<br>";
    echo "Please enter another email";
}
else
{
    $query="INSERT into email_list (first_name, last_name, email) values ('$firstname', '$lastname', '$email')";
    mysql_query($query);
    echo "values entered" .$firstname. "<br>". $lastname. "<br>". $email;   
}
Daniel Daranas
  • 22,454
  • 9
  • 63
  • 116
himalayageek
  • 1
  • Not sure if this is the problem, but try `WHERE email='$email'` instead of `WHERE email = '$email'`. – PurkkaKoodari Mar 17 '13 at 09:23
  • 3
    Use of the `mysql_*` functions in PHP is discouraged in favour of [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) ([find out why](http://stackoverflow.com/questions/12859942)). – Till Helge Mar 17 '13 at 09:25
  • Hi. Could you post in your database definition - the **CREATE TABLE email_list (...)** command? – Martina Mar 17 '13 at 09:35

5 Answers5

0

First of all as you can read from the comments below your question mysql_* isn't recomended any longer. try mysqli_* functions instead if you like the procedural approach, but that is besides the point.

Your code as it is above seems without any obvious error but inserting raw input into a database is a dangerous thing - you should (at the minimum) change your INSERT and SELECT statemens so all the textual input is enclosed in mysql_real_escape_string() function. The select statement would then look like this:

"SELECT * FROM email_list WHERE email = '".mysql_real_escape_string($email)."' ";

That will not change the behaviour of your code, it will only make sure, that if someone enters nonsense into $email field it will be saved as entered (without crashing your code) or if they try to "hack" (inject) your mysql queries they will not succeed in doing so.

I am guessing here from (as i do not have too much information to work with) that your email field in email_list table is too short - and saving only maybe first 16 characters of any entered email address - which in turn will not help you determining whether an email address exists because you are comparing the entered joe@test.com with joe@test.c (that in case if your email field was defined as char(10)

Martina
  • 1,634
  • 1
  • 10
  • 6
  • Thanks i figured it out !!! IT WAS A SILLY MISTAKE !! the email field was email_filed varchar(20) while the email address inserted was longer than that so it would automatically be trimmed And won't verify :P Sorry for the trouble fellas but appreciate your effort ! Thanks again :) – himalayageek Mar 22 '13 at 08:53
  • @himalayageek Hi. No problem :) If you have your problem solved, would you accept one of the answers as your solution (the 'thick' symbol to the left of the answer you liked most) to "close" this question and also if any of the answers helped you you may vote up for it as a token of appreciation :). Cheers :) – Martina Mar 22 '13 at 11:45
0

Basic debugging steps:

  1. mysql_query() can fail. You don't test it. Test it:

    $select=mysql_query($test);
if(!$select){
    die(mysql_error());
}

  2. If mysql_num_rows() is never greater than zero, you should find out what it is:

    var_dump(mysql_num_rows($select));

    This function does not work with all possible configurations.

  3. You run a SELECT query? Aren't you curious about the result set? Grab and print all rows.

Additionally:

  • There's more SQL than SELECT * FROM table. If you want to count, you can count in SQL:

    SELECT COUNT(*) AS dupes FROM email_list

  • You are using a MySQL extension that will be removed when the next major PHP release comes out.

  • I see stripslashes() out there. The magic quotes feature is annoying, useless and deprecated.

  • Make sure you read and understand How to prevent SQL injection in PHP?.

Community
  • 1
  • 1
Álvaro González
  • 142,137
  • 41
  • 261
  • 360
  • Thanks i figured it out !!! IT WAS A SILLY MISTAKE !! the email field was email_filed varchar(20) while the email address inserted was longer than that so it would automatically be trimmed And won't verify :P Sorry for the trouble fellas but appreciate your effort ! Thanks again :) – himalayageek Mar 22 '13 at 08:53
  • @himalayageek - An e-mail column needs to be `VARCHAR(254)`. – Álvaro González Mar 22 '13 at 09:06
0

I strongly agree with the one who points out that mysql_query and mysql in general should be avoided (also because they're going to deprecate it sooner or later). You want to switch to MySQLi or whatever else. This said, you're not checking for errors. Does the connection to database fail? You'll never know. Does $test fail? You'll never know either. Try to debug with an "or die()" (N.B.: or die(); is strongly discouraged! However, if its' not used in production it'll suffice it).

mysql_select_db($db,$link) or die("cannot open db");
$select=mysql_query($test) or die ("cannot select the email");

EDIT: to check if the email is in the database, you probably need a function to do that. Or, if you don't want to put it into a function, try to edit this way 

$test="SELECT * FROM email_list WHERE email = '$email' ";   
$select=mysql_query($test);
if(mysql_num_rows($select)!=0) //different from 0   
{
    echo "Email already exists".$email."<br>";
    echo "Please enter another email";
}

I hope this helps.

tattvamasi
  • 845
  • 1
  • 7
  • 14
  • I believe that what he's saying is that his code works and saves the records, but saves the same email over and over again. That said, his queries and code are functional or it would not get as far as inserting new entries. IMHO – Martina Mar 17 '13 at 09:51
  • It is solved ! My silly mistake :( I was entering email address longer than the value i assigned for the email field :( so the email would be automatically be shortened :( – himalayageek Mar 22 '13 at 08:55
0

I enclosed the '$email' variable in parentheses and it worked for me.

$test= "SELECT Password FROM persons WHERE Email=('$email')";
AJPerez
  • 3,435
  • 10
  • 61
  • 91
Anurag
  • 1
  • 1
0

Everything looks okay but Check your defined length of email on your db, if it matches the one you're sending then try and print the email being accepted on your form. Like

Print $email ;

And I'll advice you change all names of "mysql" to "mysqli"

Paul Roub
  • 36,322
  • 27
  • 84
  • 93