0

I am trying to figure out how to check if an email is already within a database as I don't want duplicates I have tried googling and it hasn't worked as old posts I think?

here's my code:

$emailcheck = $value2;
$emailcheck = "SELECT email FROM demo WHERE email= '$emailcheck' ";
$result = mysql_query($link, $emailcheck);
$count = mysql_num_rows($result);

if ($count > 0){
    {$_SESSION['email'] = "Email is already used!";}    
}



if (empty($_POST["name"]))
     {$_SESSION['name']= "Name is required";}
   if (empty($_POST["email"]))
     {$_SESSION['email'] = "Email is required";} else {
   if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
       {$_SESSION['email'] = "Email is incorect";}}



if(empty($_POST["name"]) || empty($_POST["email"]) || (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) || ($count > 0)) 
{   
    header("Location: home.php");
} else {

thank you for anyones help!

My nearly full code:

$value = $_POST['name'];
$value2 = $_POST['email'];

$emailcheck = $value2;
$emailcheck = "SELECT email FROM demo WHERE email= '$emailcheck' ";
$result = mysql_query($link, $emailcheck);
$count = mysql_num_rows($result);

if ($count > 0){
    {$_SESSION['email'] = "Email is already used!";}    
}



if (empty($_POST["name"]))
     {$_SESSION['name']= "Name is required";}
   if (empty($_POST["email"]))
     {$_SESSION['email'] = "Email is required";} else {
   if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
       {$_SESSION['email'] = "Email is incorect";}}



if(empty($_POST["name"]) || empty($_POST["email"]) || (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) || ($count > 0)) 
{   
    header("Location: home.php");
} else {


if (!$link) {
    die('Could not connect: ' . mysql_errno());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
    die('can\'t use ' . DB_NAME . ':' . mysql_error());
}

$sql = "INSERT INTO demo (name, email) VALUES ('$value', '$value2')";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}
header("location: https://www.google.co.uk/search?q=Ghostbusters&stick=H4sIAAAAAAAAAONgFuLUz9U3MI43skxR4gIxjUxLcrLTtYQck0vyi0LyQ8Ic81J888syU4sBdwGq3i0AAAA&sa=X&ved=0ahUKEwj0-J6QtuXaAhUQSsAKHaYqB2wQxA0I6gEwHg&biw=1280&bih=699");     
mysql_close();
session_destroy();
}
}
?>
Adam Martin
  • 11
  • 1
  • 6
  • whats the question? your piece of code is not even closing right :( – Tin May 03 '18 at 19:52
  • in my code i my form is still letting me go though the process if there is a duplicate email within the database – Adam Martin May 03 '18 at 19:53
  • What is `$value2`? How can you store 2 different values in the same variable, `$emailcheck`? What error(s) are you getting? – NewBee May 03 '18 at 19:54
  • it not giving me errors it just passing me though to the website using the header for the sucessful entry and value2 is the name of the email from the from so the email ? – Adam Martin May 03 '18 at 19:56
  • 1
    You need to stop/quit the process in this condition true `if ($count > 0){ {$_SESSION['email'] = "Email is already used!";} }` Right now even if it's a duplication email, it continues the process. – Tin May 03 '18 at 19:56
  • ill edit and add more of my code it will make more sense – Adam Martin May 03 '18 at 19:57
  • ive added my full code – Adam Martin May 03 '18 at 20:00
  • Also two things: currently your SQL code is unsafe and allows SQL injections, please take a look to [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and consider to use `PDO` or `mysqli` to avoid it, and remember that `mysql_*` extension is obsolete, and you should change it to (again) `PDO` or `mysqli` instead. – Julian David May 03 '18 at 20:34
  • ill have a look at this – Adam Martin May 03 '18 at 20:43

3 Answers3

0

I think you have to put 

die;

after 

header("Location: home.php");

otherwise the code will still continue executing

Peshraw H. Ahmed
  • 439
  • 3
  • 22
  • can you just change header("Location: home.php"); to header("Location: home.php");die; and tell me if it works? You are on the right way but you are not stoping the execution after redirecting to home. – Peshraw H. Ahmed May 03 '18 at 20:09
0

Peshaw and Tin are absolutely correct; there's nothing to alter or stop code execution even if you discover a duplicate email.

You will know if there is a duplicate, but your code won't respond to that as is currently written.

You'll need something after you store the result in session...

$isDuplicate = false;

if ($count > 0){
  $_SESSION['email'] = "Email is already used!";
  $isDuplicate = true;
}

if(empty($_POST["name"]) || empty($_POST["email"]) || (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) || ($count > 0) || ($isDuplicate)) {
  // error handling here
  header("Location: home.php");
} else {
  // regular code execution here
  if (empty($_POST["name"]))
    {$_SESSION['name']= "Name is required";}
  if (empty($_POST["email"]))
    {$_SESSION['email'] = "Email is required";} else {
  if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
    {$_SESSION['email'] = "Email is incorrect";}}
}

...and of course this answer won't be complete without the usual warning of sticking user input straight into queries instead of parameterizing them with PDO or at least sanitizing them. Please sanitize your inputs.

Malovich
  • 931
  • 1
  • 5
  • 15
0

You need to wrap the rest of your code after if ($count > 0) in an else code block, like this:

if ($count > 0){
    $_SESSION['email'] = "Email is already used!";

} else {
    if (empty($_POST["name"]))
        {$_SESSION['name']= "Name is required";}
        // the rest of your code
}
Julian David
  • 311
  • 1
  • 12