[SOLVED] HELP - UNIQUE FORM VALIDATION?

[jmalouff]

I am working on a basic PHP Form that when submitted does a quick error check. All Works Well in my development environment. 

 

However when form is on the live server all does as it is supposed to but when doing the error checking one of the forms request the end user to enter a Affiliate code of their choice! I want these to be unique! so if a user enters one that was already entered previously  it attempts to query the database for an duplicate. this way i can make sure that each Code entered is unique.  However online it submits with out giving an error and it allows duplicates to enter the database.

 

In my development environment when i submit the form  with the same file it errors out saying that the

 

Here is my code.

 

/* Begin Unique Affiliate Code Check */

 

 

$sql = "SELECT * FROM affiliates WHERE affiliate_code='".$affiliate_code."'";

$res = mysql_query($sql) or die (mysql_error());

 

if (mysql_num_rows ($res) > 0) {

$curnum ++;

echo "<tr><td>".$curnum.". The Affiliate Code ' <b>".$affiliate_code."</b> ' already exists </tr></td>";

 

 

 

}

 

/* End Unique Affiliate Code Check */

 

am i doing something wrong? any suggestions?

[premiso]

If you can, modify that field in the table to be "UNIQUE" this will prevent duplicates from being entered at the SQL level.

 

As far as why that is not returning the affiliates like it should, try trim ing the data and check if Magic Quotes are enabled on the production server, as that may be escaping data. If it is I would suggest turning them off or using get_magic_quotes_gpc to test if it is on if it is, do a stripslashes on the data.

[jmalouff]

Thanks for your help!

 

Here is what i found in RE: to my php.ini (Magic Quotes) - Is this the right area?

 

; Magic quotes

;

 

; Magic quotes for incoming GET/POST/Cookie data.

magic_quotes_gpc = On

 

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.

magic_quotes_runtime = Off

 

[premiso]

Yes, you should set both to Off.

 

For data going into the DB (textual data) you should use mysql_real_escape_string to escape it instead.

[jmalouff]

turning the magic Codes to OFF in the php.ini file HELPED and FIXED the problem!

 

Thanks for your help!  ;D

[Psycho]

Please mark thread as solved!

 

Also, I wouldsuggest changing your query as follows

$sql = "SELECT affiliate_code FROM affiliates WHERE affiliate_code='".$affiliate_code."'";

 

No need to query all fields in the table.

[jmalouff]

thanks for the suggestions.. It makes sense & ill make the update!!..

 

I'm sorry.. but i am not sure how to mark it as resolved?

 

 

[premiso]

Bottom left hand corner above Quick Reply, "Topic Solved"

[jmalouff]

How hard it is to have an email sent to the user confirming their registration?

 

or at least..

 

Send a letter to me letting me know someone submitted the form..

 

Thanks in advance!!

[premiso]

mail

 

Not hard at all, given you have a mail server to use.

[jmalouff]

I do.. The form is sitting on a dedicated server. what would i need to add to the code to make it do it?

 

I'm sorry for all the questions!!