[SOLVED] Email Validation

[matt.sisto]

I have written this code to register a consultant, but I want it to check if the email address already exists. I have attempted writing the if statement but it doesn't work. If anyone could have a look at it and point out were I am going wrong it would be much appreciated.

<?php
  require "dbconn2.php";
  $first_name = $_POST['first_name'];
  $last_name = $_POST['last_name'];
  $address_first_line = $_POST['address_first_line'];
  $post_code = $_POST['post_code'];
  $email_address = $_POST['email_address'];  
  $phone_number = $_POST['phone_number'];  
  $y = $_POST['y'];
  $m = $_POST['m'];
  $d = $_POST['d'];
  $rate_id = $_POST['rate'];
  $passwd = $_POST['passwd'];
  $enc = sha1($passwd);
  $dob = $y."-".$m."-".$d." ".$_POST["dob"];
  
  $sql = "SELECT * FROM consultant WHERE email_address = '$email_address'";
  if (mysql_num_rows == 0)
  {
  
  $sql = "INSERT INTO consultant VALUES (0,'".$first_name."','".$last_name."','".$address_first_line."','".$post_code."',
									 '".$email_address."','".$phone_number."','".$dob."','".$rate."','".$enc."')";
  $result = mysql_query ($sql, $connection)
    or die ("Couldn't perform query $sql <br />".mysql_error());
  header("Location: addconsultantform.php");
  exit();
  }
  else{
  echo "Sorry but it appears that an account with this email address already exists.";
   header("Location: addconsultantform.php");
  exit();
  }

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Add Consultant</title>

</head>

<body>

</body>
</html>

Thanks and regs.

[Daniel0]

Why are you redefining all the variables? Considering variables are passed by value this essentially results in double memory consumption, which is a waste because you aren't doing anything new with them.

 

Anyway, you're never running the query, so change

$sql = "SELECT * FROM consultant WHERE email_address = '$email_address'";
if (mysql_num_rows == 0)

to

$sql = mysql_query("SELECT * FROM consultant WHERE email_address = '$email_address'");
if (mysql_num_rows($sql) == 0)

 

You also need to escape your values or you're vulnerable to SQL injection. See: mysql_real_escape_string

[rhodesa]

first problem i see is you can't have anything echoed/printed before a header() function:

header("Location: addconsultantform.php");

[Stephen68]

I'm thinking your problem is with your  mysql_num_rows http://ca2.php.net/mysql_num_rows

 

you have ..

 

$sql = "SELECT * FROM consultant WHERE email_address = '$email_address'";
  if (mysql_num_rows == 0)
  {

 

Your not running the query to even get the row, I could be wrong. Try something like this

 

$sql = "SELECT * FROM consultant WHERE email_address = '$email_address'";
$result = mysql_query($sql);
  if (mysql_num_rows($result) == 0)
  {

[matt.sisto]

Thanks Daniel0, I am aware of the sql injection and plan to remedy this once I have the form validation sorted. I don't know why I redefine my variables it was just the way I have been taught at uni, I am putting this together for my dissertation so I know I still have a lot to learn.

 

  echo "Sorry but it appears that an account with this email address already exists.";
   header("Location: addconsultantform.php");
  exit();

This just echos the message and fails to arrive at the header?

 

[matt.sisto]

Ok so I will echo that reply when it arrives back at the and consultant form, thanks for all the help.