freakinerror Posted October 30, 2009 Share Posted October 30, 2009 hello everyone, I am new to this forum and to PHP/MySQL, I love the process of learning new things except when the unexpected happens, I am writing a script for a login/registration form for my site and I would like to be able to check the users email against my DB list of registered members to keep from having duplicates. I used a script written from another programmer and tweaked it to get it to verify before sending out a confirmation link but I am getting a few T_STRING errors and am having a hard time figuring out where it is coming from, the error says on line 21 which is in the //Check to see if members email exists, from the second line of code $query =mysql_query(SELECT * FROM tbl1_name WHERE email='$email'); Any help would be greatly appreciated. And just would like to say from what I have been reading here that the people here are great and very helpful, looking forward to learning from you all. <?php include_once("config.php"); $sql='mysql_query'; // table name $tbl1_name='registered_members'; $tbl2_name='temp_members_db'; // Random confirmation code $confirm_code=md5(uniqid(rand())); // values sent from form $name =$_POST['name']; $email =$_POST['email']; $country=$_POST['country']; //Check to see if members email exists $mysql =$_POST['email']; $query =mysql_query(SELECT * FROM tbl1_name WHERE email='$email'); $result =mysql_num_rows($query); if ($result > 0){ echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.************\">Click Here!</a>"; } // Insert data into database else { "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; } // if suceesfully inserted data into database, send confirmation link to email if($result){ // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email; // Your subject $subject="Your confirmation link here"; // From $header="from: Team Leader <administrator@*******.com>"; // Your message $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://www.*************.com/confirmation.php?passkey=$confirm_code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Did not find your email in our database"; } // if your email successfully sent if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "Cannot send Confirmation link to your e-mail address"; } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted October 30, 2009 Share Posted October 30, 2009 you forgot to add quotes to your query: <?php include_once("config.php"); $sql='mysql_query'; // table name $tbl1_name='registered_members'; $tbl2_name='temp_members_db'; // Random confirmation code $confirm_code=md5(uniqid(rand())); // values sent from form $name =$_POST['name']; $email =$_POST['email']; $country=$_POST['country']; //Check to see if members email exists $mysql =$_POST['email']; $query =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); $result =mysql_num_rows($query); if ($result > 0){ echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.************\">Click Here!</a>"; } // Insert data into database else { "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; } // if suceesfully inserted data into database, send confirmation link to email if($result){ // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email; // Your subject $subject="Your confirmation link here"; // From $header="from: Team Leader <administrator@*******.com>"; // Your message $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://www.*************.com/confirmation.php?passkey=$confirm_code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Did not find your email in our database"; } // if your email successfully sent if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "Cannot send Confirmation link to your e-mail address"; } ?> Quote Link to comment Share on other sites More sharing options...
cags Posted October 30, 2009 Share Posted October 30, 2009 On this line... $query = mysql_query(SELECT * FROM tbl1_name WHERE email='$email'); ... the bit being passed to the function is a string, as such it need to be surrounded (delimited) by quotes, in this case because you are using a variable and single quotes in the string it needs to be double quotes. $query = mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); Also this line... "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; ...on it's own doesn't mean anything. You are not storing the string in a variable, nor are you passing it to a database or infact doing anything with it. It's probably supposed to be... mysql_query("INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"); Quote Link to comment Share on other sites More sharing options...
keldorn Posted October 30, 2009 Share Posted October 30, 2009 Remember to use Code tags. [*PHP] [/*PHP] for PHP and [*code] [*/code]. btw you can set the email table to Unique index. This way the mysql wont accept duplicate emails. Next this is wrong. I think you need Double quotes in this. $query =mysql_query(SELECT * FROM tbl1_name WHERE email='$email'); so: $query =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); Also there doesn't appear to be any email validation and just sticking the email right away into the database. Your going to get yourself hacked programming your applications like that. You validated it with a function. This is one that works pretty well it allows emails like john+doe@example.com & john.doe@example.com . Although not quite to RFC specs. Personally just for sake of simplicity I would allow emails like jonh\"doe@example.com (Yes that is valid) is just very bad. Becase then you have to add extra abscraction to your script when dealing with the emails. // Check if Valid email function valid_email($input) { // This regex works pretty well. if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) { // Were here? Its bad. Set message.. return false; } // else return "good" return true; } Put that function into your script, and next do this, // values sent from form $name = myql_real_escape_string(strip_tags($_POST['name'])); $email = mysql_real_escape_string(strip_tags($_POST['email'])); $country = mysql_real_escape_string(strip_tags($_POST['country'])); if(!valid_email($email)){ echo('That email is invalid'); } Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 30, 2009 Author Share Posted October 30, 2009 Ok I fixed what was said, but now it is not finding the email address' in my DB, am testing with an email address I know is in the DB, I have set the email table to unique, so should I be looking for any response from mysql to inject into the code to see if it found an existing address, like I said I'm a newbie here in PHP, it is verifying valid emails coming from the form but not finding whats in my DB. Thank you everyone for responding so quickly also, I appreciate it very much. <?php include_once("config.php"); $sql='mysql_query'; // table name $tbl1_name='registered_members'; $tbl2_name='temp_members_db'; // Random confirmation code $confirm_code=md5(uniqid(rand())); $name =$_POST['name']; $email =$_POST['email']; $country=$_POST['country']; // values sent from form $name = mysql_real_escape_string(strip_tags($_POST['name'])); $email = mysql_real_escape_string(strip_tags($_POST['email'])); $country = mysql_real_escape_string(strip_tags($_POST['country'])); if(!valid_email($email)){ echo('That email is invalid'); } // Check if Valid email function valid_email($input) { // This regex works pretty well. if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) { // Were here? Its bad. Set message.. return false; } // else return "good" return true; } //Check to see if members email exists $mysql =$_POST['email']; $query =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); $result =mysql_query($query); if ($result > 0){ echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.*************.com\">Click Here!</a>"; } // Insert data into database else { $sql = "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; } // if suceesfully inserted data into database, send confirmation link to email if($result){ // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email; // Your subject $subject="Your confirmation link here"; // From $header="from: Team Leader <administrator@************.com>"; // Your message $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://www.*************.com/confirmation.php?passkey=$confirm_code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Did not find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "Cannot send Confirmation link to your e-mail address"; } ?> Quote Link to comment Share on other sites More sharing options...
cags Posted October 30, 2009 Share Posted October 30, 2009 $query =mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); $result =mysql_query($query); ...should be... $query = mysql_query("SELECT * FROM tbl1_name WHERE email='$email'"); $result = mysql_num_rows($query); Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 30, 2009 Author Share Posted October 30, 2009 I changed it to num_rows and now I get this error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource Did not find your email in our databaseCannot send Confirmation link to your e-mail address The address is in the DB. Quote Link to comment Share on other sites More sharing options...
cags Posted October 30, 2009 Share Posted October 30, 2009 You get that if the mysql_query failed. Are you connected to an MySQL server and do you have a selected DB? I don't see either of those things being done. I suggest you check out a basic mysql tutorial. Any half decent tutorial will cover connecting, querying and some form of basic debugging. Quote Link to comment Share on other sites More sharing options...
keldorn Posted October 30, 2009 Share Posted October 30, 2009 This is redundant. /* Delete this $name =$_POST['name']; $email =$_POST['email']; $country=$_POST['country']; //--- End delete */ // values sent from form $name = mysql_real_escape_string(strip_tags($_POST['name'])); $email = mysql_real_escape_string(strip_tags($_POST['email'])); $country = mysql_real_escape_string(strip_tags($_POST['country'])); You get that if the mysql_query failed. Are you connected to an MySQL server and do you have a selected DB? I don't see either of those things being done. I suggest you check out a basic mysql tutorial. Any half decent tutorial will cover connecting, querying and some form of basic debugging. I think that he/she must becuase else mysql_real_escape_string() would give an error if its done before the database connection. Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 30, 2009 Author Share Posted October 30, 2009 Yes I am connected by the config.php file at the top of the script. Quote Link to comment Share on other sites More sharing options...
cags Posted October 30, 2009 Share Posted October 30, 2009 In that case use this to check why it's failing... $query = mysql_query("SELECT * FROM tbl1_name WHERE email='$email'") or trigger_error(mysql_error(), E_USER_ERROR); $result = mysql_num_rows($query); Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 30, 2009 Author Share Posted October 30, 2009 Cags, You are awesome, thanks for that last post I figured it out for that part, I named the table wrong, but now it is finding the duplicate email and telling to choose another, BUT it is still sending out a confirmation link, is there something wrong with my if else statement? <?php include("config.php"); $sql='mysql_query'; // table name $tbl1_name='registered_members'; $tbl2_name='temp_members_db'; // Random confirmation code $confirm_code=md5(uniqid(rand())); // values sent from form $name = mysql_real_escape_string(strip_tags($_POST['name'])); $email = mysql_real_escape_string(strip_tags($_POST['email'])); $country = mysql_real_escape_string(strip_tags($_POST['country'])); // Check if Valid email function valid_email($input) { if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) { // Were here? Its bad. Set message.. return false; } // else return "good" return true; } if(!valid_email($email)){ echo('That email is invalid'); } //Check to see if members email exists $mysql =$_POST['email']; $query =mysql_query("SELECT * FROM registered_members WHERE email='$email'")or trigger_error(mysql_error(), E_USER_ERROR); $result =mysql_num_rows($query); if ($result > 0){ echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.***************.com\">Click Here!</a>"; } // Insert data into database else { $sql = "INSERT INTO $tbl2_name(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; } // if suceesfully inserted data into database, send confirmation link to email if($result){ // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email; // Your subject $subject="Your confirmation link here"; // From $header="from: Team Leader <administrator@****************.com>"; // Your message $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://www.*****************.com/confirmation.php?passkey=$confirm_code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Did not find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "Cannot send Confirmation link to your e-mail address"; } ?> Quote Link to comment Share on other sites More sharing options...
cags Posted October 30, 2009 Share Posted October 30, 2009 Your code doesn't make a great deal of sense. Look at it from a work flow/ logical perspective. - Check database for entered e-mail - If found in database tell user already found - else add it to the database* - if was found in database already, send - else display did not find * you don't actually add it to the database as you never pass the query to the database using mysql_query. Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 31, 2009 Author Share Posted October 31, 2009 Well at the top you see there are 2 tables, The first is a membership DB, the second is a temporary DB that stores until they click on the confirmation email that is sent to them, if it is clicked then the temp is deleted and sent to the membership DB, that way I can keep track of people who havejoined and those that signed up but never confirmed, so I tried to write it to look for emails already in the member DB while storing it in the temp DB before I submit it to the permanent DB. Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 31, 2009 Author Share Posted October 31, 2009 Ok, heres what I want this to do, A person wants to join my site, they put there info into the form which is comprised of Name, email, password, country, I want the script to first verify the email is good, then I want to compare the email from the form with emails already registered, if there is no match then send out a confirmation code with a link to verify the email account. My mysql setup is 2 DB's, a temp to store the account info while the confirmation link is waiting to be clicked, once the user clicks and verifies their account, the temp DB will be dumped and it will be written to a permanent DB, now the script I have trouble with is this one, I have most of it working, it is verifying emails, and it is finding present accounts and redirecting them to a link to go back to the login?register page, but it is not putting the new info into the temp db, please if anyone can help it would be greatly appreciated. <?php include("config.php"); $sql="mysql_query"; // table name $tbl1_name='registered_members'; $tbl2_name='temp_members_db'; // Random confirmation code $confirm_code=md5(uniqid(rand())); // values sent from form $name=mysql_real_escape_string(strip_tags($_POST['name'])); $email=mysql_real_escape_string(strip_tags($_POST['email'])); $country=mysql_real_escape_string(strip_tags($_POST['country'])); // Check if Valid email function valid_email($input) { if(! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $input)) { // Were here? Its bad. Set message.. return false; } // else return "good" return true; } if(!valid_email($email)){ echo('That email is invalid'); } //Check to see if members email exists $mysql =$_POST['email']; $query =mysql_query("SELECT * FROM registered_members WHERE email='$email'")or trigger_error(mysql_error(), E_USER_ERROR); $result =mysql_num_rows($query); // Insert data into database if ($result > 0) { $sql = "INSERT INTO temp_members_db(confirm_code, name, email, password, country)VALUES('$confirm_code', '$name', '$email', '$password', '$country')"; } else { echo "Email is already used by a member, choose another email.<br/><a href=\"http://www.themaverickmoneyway.com\">Click Here</a>"; } // if suceesfully inserted data into database, send confirmation link to email if($result){ // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email; // Your subject $subject="Your confirmation link here"; // From $header="from: Team Leader <administrator@yourteamsavings.com>"; // Your message $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://www.themaverickmoneyway.com/confirmation.php?passkey=$confirm_code"; // send email $sentmail = mail($to,$subject,$message,$header); } // if not found else { echo "Did not find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address"; } else { echo "Cannot send Confirmation link to your e-mail address"; } ?> Quote Link to comment Share on other sites More sharing options...
freakinerror Posted October 31, 2009 Author Share Posted October 31, 2009 If anyone could help me out with this it would be greatly appreciated, refer to post above. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.