Validate email

[emediastudios]

Hey everyone, im building my first newsletter sign up and wanted to add the validation of checking if the email is already in the database.

 

This is the top part of the code that works.

<?php

switch ($_REQUEST['action']) {

default:

foreach($_POST as $key=>$value){
$$key = $value;
}

if ($email == ''){
$error_msg = 'email required';
}

elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { 
    $error_msg = 'Invalid email address'; 
}
echo "";


if ($error_msg == ''){

foreach($_POST as $key=>$value){
$$key = htmlentities(stripslashes($value));
}
 $Q = mysql_query("INSERT INTO newsletter (`email`) VALUES ('$email')");

 

But when i add my attempted validation it doesn't work.

 

$check = mysql_query("SELECT FROM newsletter WHERE email = '$email'") or die(mysql_error()); 
 $check2 = mysql_num_rows($check); 
 if ($check2 != 1) {

 $error_msg = 'email exists'; 

 

Could someone be so kind to add this code where it should go, iv tried everything.

 

 

 

 

[Solaris]

But when i add my attempted validation it doesn't work.

 

How does it not work?

 

Also, if somehow the same e-mail address has been registered more than once, $check2 will not be equal to 1. If the e-mail address has not been registered, $check2 will be == 0. See the logic here?

[ManiacDan]

Don't use ereg, it's deprecated.  Use preg instead.

 

Email address validation is a lot harder than you think.

 

-Dan

[emediastudios]

Don't use ereg, it's deprecated.  Use preg instead.

 

Email address validation is a lot harder than you think.

 

-Dan

 

I think it has something to do with the if and else statements, it just shows the email address in the field after submit, no email send or record added in db.

[emediastudios]

This is the full code i have, it works well, just want to stop the email being added multiple times.

 

<?php

switch ($_REQUEST['action']) {

default:

foreach($_POST as $key=>$value){
$$key = $value;
}

if ($email == ''){
$error_msg = 'email required';
}

elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) { 
    $error_msg = 'Invalid email address'; 
}


if ($error_msg == ''){

foreach($_POST as $key=>$value){
$$key = htmlentities(stripslashes($value));
}
 $Q = mysql_query("INSERT INTO newsletter (`email`) VALUES ('$email')");

$companyname = 'Newsletter Signup';
$companyemail = 'me@emediastudios.com.au';

$headers  = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: ".$email." <".$email.">\r\n";
$headers .= "Reply-To: ".$email." <".$email.">\r\n";
$to = "".$companyname."<".$companyemail.">";
$subject = "Newsletter Signup";

$message = '<style type="text/css">
<!--
.style {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
-->
</style>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
	<tr>
    <td class="style">
<b>Details:</b><br /><br />
<b>Email:</b> '.$email.'<br />
    </td>
  	</tr>
</table>';

mail($to, $subject, $message, $headers);

	echo '<form id="form1" name="form1" method="post" action="'.$_SERVER['PHP_SELF'].'">
              <table width="200" border="0" align="left" cellpadding="0" cellspacing="0">
                <tr>
                  <td width="144"><input name="email" type="text" class="newsinput" id="email" value="Subscribed" /></td>
                  <td width="56" align="left" class="signuppad"><input type="submit" class="submit" value=""/></td>
                </tr>
</table>
            </form>';

}else{

foreach($_POST as $key=>$value){
$$key = htmlentities(stripslashes($value));
}

echo '<form id="form1" name="form1" method="post" action="'.$_SERVER['PHP_SELF'].'">
              <table width="100%" border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td width="41%"><input name="email" type="text" class="newsinput" id="email" value="'.$email.'" size="30" /></td>
                  <td width="59%" class="signuppad"><input type="submit" class="submit" value=""/></td>
                </tr>
              </table>
            </form>';

break;

}
}
?>

[Solaris]

Insert this code:

else {
	$check = mysql_query("SELECT FROM newsletter WHERE email = '$email'") or die(mysql_error());
	$check2 = mysql_num_rows($check);
	if ($check2 > 0)
	$error_msg = 'email exists';
}

 

before this line:

if ($error_msg == ''){

 

EDIT: linuxjournal.com doesn't load for me, but I found some RFC-compliant e-mail validation code here: http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html -- this is a huge regex, don't use it. The following is less strict but should do the job for 99.99% of e-mail addresses out there:

 

[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|asia|jobs|museum)\b

[ManiacDan]

Make `email` a unique key and use INSERT IGNORE, the database will handle destroying duplicates.

 

-Dan

[emediastudios]

Make `email` a unique key and use INSERT IGNORE, the database will handle destroying duplicates.

 

-Dan

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM newsletter WHERE email = 'ross@mail.com'' at line 1

[Solaris]

Make `email` a unique key and use INSERT IGNORE, the database will handle destroying duplicates.

 

-Dan

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM newsletter WHERE email = 'ross@mail.com'' at line 1

 

ManiacDan was talking about replacing INSERT with INSERT IGNORE in the query that actually inserts the e-mail addresses, not about replacing SELECT with INSERT IGNORE in the validation query.

 

But if you want to know whether the e-mail address was duplicated or not (INSERT IGNORE just does the job silently), try the code I posted. If you're not sure about anything, just ask.