How to avoid duplicate input and empty input?

Question

This would be a piece of my code.

$name = $_POST['UserNames'];
$pw = sha1($_POST['Passwords']);
$mail = $_POST['Emails'];
$pc = $_POST['Postcodes'];
$status = "0";
mysql_query("INSERT INTO userinfo 
               (Username,Password,Email,Postcode,status,valid) 
               VALUES 
               ('$name','$pw','$mail','$pc','$status','$validate')
");

How do i make sure every input will not be null and the Email will never repeat.

[INSERT ... ON DUPLICATE KEY UPDATE](https://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html) ? — Peon, Feb 18 '14 at 11:16
[array_filter](http://pk1.php.net/manual/en/function.array-filter.php) for `$_POST` and [array_unique](http://pk1.php.net/array_unique) for `$_POST['Emails']` (If array) — Rahil Wazir, Feb 18 '14 at 11:19
Set a `UNIQUE` index on the column in the database and write code that validates the input before you insert it. — deceze, Feb 18 '14 at 11:20

score 0 · Answer 1 · answered Feb 18 '14 at 11:21

Try this,

mysql_query("INSERT INTO userinfo (Username,Password,Email,Postcode,status,valid) VALUES ('$name','$pw','$mail','$pc','$status','$validate')  ON DUPLICATE KEY UPDATE status='0'");

For more details refer, https://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html

score 0 · Answer 2 · answered Feb 18 '14 at 11:21

0

use the empty function for the post fields to check if it contains something.

for the email, you must use a UNIQUE clause in your database for this field

answered Feb 18 '14 at 11:21

Tommy

391
1
2
20

score 0 · Answer 3 · edited May 23 '17 at 10:26

0

About the email: set up the column of Email in userinfo table to be unique, and on insert just do on duplicate ignore

About the fields, well in the way you are working just do isset($_POST['XXX']) && !empty($_POST['XXX']). A better way would be working with some input validation class, like this one.

edited May 23 '17 at 10:26

Community

1
1

answered Feb 18 '14 at 11:23

Michael Arenzon

541
8
16

score 0 · Answer 4 · answered Feb 18 '14 at 11:28

0

For empty input you can do the following :

$name = (isset($_POST['UserNames']) && !empty($_POST['UserNames'])) ? $_POST['UserNames'] : FALSE;

For duplicate email check you need to do a SELECT query before executing the INSERT statement.

answered Feb 18 '14 at 11:28

Dragon Fly

1

score -1 · Answer 5 · answered Feb 18 '14 at 11:23

First check values before mysql query:

$valid = true;
foreach($_POST AS $key=>$value)
{
   if($value == null){
       echo "Please provide ".$key;
       $valid = false;
   }
}
if($valid == true)
{
    // check if email is in DB
    $result = mysql_query("SELECT email FROM user info WHERE Email = '".addslashes($_POST['email'])."'");
    if(mysql_num_rows($result) == 1)
    {
       echo "Email is already registered in our DB";
    }
    else
    {
       mysql_query("INSERT INTO userinfo (Username,Password,Email,Postcode,status,valid) VALUES ('$name','$pw','$mail','$pc','$status','$validate')");
    }
}

The query of select email is wrong way. The right way would be set Email column to unique. — Michael Arenzon, Feb 18 '14 at 11:24

How to avoid duplicate input and empty input?

5 Answers5