1

I'm struggling to implement a way to stop duplicate entries within this code. I've tried a few ways using an if and else statement, but I can't seem to get it working. Can anyone provide a solution?

<?php
require('db.php');
// If form submitted, insert values into the database.


if (isset($_REQUEST['username'])){
        // removes backslashes
    $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
    $username = mysqli_real_escape_string($con,$username); 
    $email = stripslashes($_REQUEST['email']);
    $email = mysqli_real_escape_string($con,$email);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con,$password);
    $signupdate = date("Y-m-d H:i:s");
        $query = "INSERT into `users` (username, password, email, signupdate)
VALUES ('$username', '".md5($password)."', '$email', '$signupdate')";
        $result = mysqli_query($con,$query);
        if($result){
            echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
?>
<div class="form">
<form name="registration" action="" method="post">
<input type="text" name="username" placeholder="Username" required />
<input type="email" name="email" placeholder="Email" required />
<input type="password" name="password" placeholder="Password" required />
<input type="submit" name="submit" value="Register" />
</form>
</div>
<?php } ?>      
  • I couldn't identify anything in the code to be an attempt you claimed to have made. – sticky bit Jul 01 '18 at 19:49
  • Yeah I had a few attempts on a duplicate page and it wasn't working and I had no idea why so I removed it. – Daniel Siwiec Jul 01 '18 at 19:54
  • I'm gonna try to restore the page on C9. – Daniel Siwiec Jul 01 '18 at 19:55
  • I can't get the page. My last attempt was using an else if statement after the last else statement finished, and the code was basically not getting picked up whatsoever (on the other hand, it wasn't showing up any errors). – Daniel Siwiec Jul 01 '18 at 20:03
  • Why not create a UNIQUE index in the database? Base the index on 'email' or 'username', whichever one you want to use. This way any duplicated entries will just return a mysql error. – CharlesEF Jul 01 '18 at 20:07
  • That is a shout but how would I do it so instead of throwing a mysql error, it would display a message with something along the lines of "Email already registered". – Daniel Siwiec Jul 01 '18 at 20:10
  • If you use a unique index then this code 'if($result)' will return false and you could display the exact mysql error message or you could display your own custom error message. If you don't use a unique index then you would have to code 2 queries, 1 to test if the user exists, 2 if not exists then insert the data in the 2nd query. – CharlesEF Jul 01 '18 at 20:15
  • Hi. Two major issues you need to address in your code. 1) Your code is vulnerable to SQL injection (https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) and 2) You should not use MD5 when hashing passwords. Use [password_hash](http://www.php.net/password_hash) instead. – Tom Jul 01 '18 at 21:05

2 Answers

3
  1. Replace
echo "<div class='form'>
<h3>You are registered successfully.</h3>
<br/>Click here to <a href='login.php'>Login</a></div>";

with

header("location:thankyou.php");

and add the text to the new page.

  2. Disable the submit button after it was clicked

Change

<input type="submit" name="submit" value="Register" />

to

<input type="submit" name="submit" value="Register" onClick="this.disabled=true; this.value='Processing…';" />

  3. Change the email field in your database to unique

ALTER TABLE users ADD UNIQUE (email);

  4. Add else to $result check:
if($result){
     header("location:thankyou.php");
}
else{
     echo "Registration failed, Make sure to use an email address that was not used before";
}
Tom
  • 432
  • 2
  • 9
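
Added example (not part of the answer above or of the original page): steps 3 and 4 combined with the two fixes raised in the comments, a prepared statement instead of string-built SQL and password_hash() instead of MD5. It assumes db.php provides $con, that users.email carries the UNIQUE index, and that the password column can hold the hash (VARCHAR(255)); register_user() and ER_DUP_ENTRY are names introduced here.

```php
<?php
// Added example, not from the original page. Assumes db.php sets $con (a mysqli
// connection), `users`.`email` has the UNIQUE index from step 3, and the
// `password` column is wide enough for password_hash() output (VARCHAR(255)).
require('db.php');

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const ER_DUP_ENTRY = 1062; // MySQL error code for a unique-key violation

// Hypothetical helper: returns "ok" or "duplicate", rethrows any other DB error.
function register_user(mysqli $con, string $username, string $email, string $password): string
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $signupdate = date("Y-m-d H:i:s");

    // Placeholders keep user input out of the SQL text entirely,
    // so stripslashes() and mysqli_real_escape_string() are not needed.
    $stmt = $con->prepare(
        "INSERT INTO `users` (username, password, email, signupdate) VALUES (?, ?, ?, ?)"
    );
    $stmt->bind_param("ssss", $username, $hash, $email, $signupdate);

    try {
        $stmt->execute();
        return "ok";
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === ER_DUP_ENTRY) {
            return "duplicate"; // the UNIQUE index rejected the row
        }
        throw $e; // anything else is a real failure and should surface
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['username'], $_POST['email'], $_POST['password'])) {
    $status = register_user($con, $_POST['username'], $_POST['email'], $_POST['password']);
    if ($status === "ok") {
        header("Location: thankyou.php");
        exit; // stop here so nothing is sent after the redirect
    }
    echo "Email already registered";
}
```

Because the database enforces uniqueness, two simultaneous submissions cannot both succeed, which a SELECT-then-INSERT check cannot guarantee. login.php then has to check the password with password_verify() rather than comparing MD5 strings.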
0
<?php
require('db.php');
if (isset($_POST['submit']))
{
    // Strip backslashes, then escape each value for use inside a quoted SQL string
    $username = stripslashes($_REQUEST['username']);
    $username = mysqli_real_escape_string($con, $username);
    $email = stripslashes($_REQUEST['email']);
    $email = mysqli_real_escape_string($con, $email);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con, $password);
    // MD5 is kept to match the question's code; the comments on the question recommend password_hash()
    $password = md5($password);
    $signupdate = date("Y-m-d H:i:s");

    // Look for an existing row with this username before inserting
    $Check_username_indb_query = "select * from users where username = '$username'";
    $result_check = mysqli_query($con, $Check_username_indb_query);
    if (mysqli_num_rows($result_check) > 0)
    {
        echo "Registration failed, this username is already taken please choose another one";
    }
    else
    {
        $query = "INSERT into `users` (username, password, email, signupdate)
VALUES ('$username', '$password', '$email', '$signupdate')";
        $result = mysqli_query($con, $query);
        if ($result)
        {
            echo "<div class='form'>
         <h3>You are registered successfully.</h3>
        <br/>
        Click here to <a href='login.php'>Login</a></div>";
        }
    }
}
?>
Basharmal
  • 1,313
  • 10
  • 30