Jump to content

Prevent duplicate content in database does NOT work!


angelali

Recommended Posts

I am new in PHP, and I am learning a lot. My objective is not to become an expert in PHP as I am planning to master MySQL and Oracle later. I have successfully made an image hosting, a mini one, with validations of certain types of files etc...but I am adding a  registration form in it which actually I am doing.

 

After trying a lot to solve this problem of duplicate in both username and email address, but  in vain, I have decided to include the duplicate of email address, not the username...and it is now working...

 

I want a last help from you guys, I am preventing only duplicate email address now, not both the email and the username, and it is working great. Below are my codes, can you please  see them and tell me if from this method, I can also prevent the duplicate of username as well? When I say duplicate here, is the message to display the user that the either the email address or username has already taken.

 

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

if (isset($_POST['fname']) && isset($_POST['lname'])&& isset($_POST['emailr']) && isset($_POST['user']) && isset($_POST['pass'])) {

//Database
$connect = @mysql_connect('localhost', 'root', '') or die ('Connection Failed');
@mysql_select_db('registration', $connect) or die ('Connection Failed');

//Assignng variables		
$firstname = mysql_real_escape_string(stripslashes(trim($_POST['fname'])));
$lastname = mysql_real_escape_string(stripslashes(trim($_POST['lname'])));	
$email = mysql_real_escape_string(stripslashes(trim($_POST['emailr'])));
$uname = mysql_real_escape_string(stripslashes(trim($_POST['user'])));
$pwd = mysql_real_escape_string(stripslashes(trim($_POST['pass'])));


//Registration codes

if (empty($firstname) || empty($lastname) || empty($email) || empty($uname) || empty($pwd)) {
echo '<p class="error">All fields are required to fill!</p>';
return false;
} elseif (strlen($firstname) && (strlen($lastname) < '2')) {
echo '<p class="error">Invalid first name or last name!</p>';
return false;
} elseif (filter_var($firstname, FILTER_VALIDATE_INT) || (filter_var($lastname, FILTER_VALIDATE_INT))) {
echo '<p class="error">First name or last name cannot be integers!</p>';
return false;
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo '<p class="error">Email address not valid!</p>';
return false;	
} elseif (strlen($uname) && (strlen($pwd) < '6' )) {
echo '<p class="error">Username or password must be minimum 6 characters!</p>';
return false;
} else {
$pwd = md5($pwd);
$query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pwd')";
mysql_query($query, $connect);
if (mysql_errno($connect)> 0) {
echo "Email address already taken";
} else {
echo '<p class="fail">Successful!</p>';
}
}
}
}
?>

Link to comment
Share on other sites

  • Replies 57
  • Created
  • Last Reply

Guys, it is working now... Pikachu, I mentioned that the problem of duplicate has been solved since you told me about the problem of INDEX in the database. I did mention I created another one and now its working. The only problem was the message to display the user that an email or username has already taken was not displaying.

 

By the way, it is working now, YES, the message is displaying! YES...after 4 hours...the problem is solved..  :P:);)

 

Here the codes I tried, and which are working great:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

if (isset($_POST['fname']) && isset($_POST['lname'])&& isset($_POST['emailr']) && isset($_POST['user']) && isset($_POST['pass'])) {

//Database
$connect = @mysql_connect('localhost', 'root', '') or die ('Connection Failed');
@mysql_select_db('registration', $connect) or die ('Connection Failed');

//Assignng variables		
$firstname = mysql_real_escape_string(stripslashes(trim($_POST['fname'])));
$lastname = mysql_real_escape_string(stripslashes(trim($_POST['lname'])));	
$email = mysql_real_escape_string(stripslashes(trim($_POST['emailr'])));
$uname = mysql_real_escape_string(stripslashes(trim($_POST['user'])));
$pwd = mysql_real_escape_string(stripslashes(trim($_POST['pass'])));


//Registration codes

if (empty($firstname) || empty($lastname) || empty($email) || empty($uname) || empty($pwd)) {
echo '<p class="error">All fields are required to fill!</p>';
return false;
} elseif (strlen($firstname) && (strlen($lastname) < '2')) {
echo '<p class="error">Invalid first name or last name!</p>';
return false;
} elseif (filter_var($firstname, FILTER_VALIDATE_INT) || (filter_var($lastname, FILTER_VALIDATE_INT))) {
echo '<p class="error">First name or last name cannot be integers!</p>';
return false;
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo '<p class="error">Email address not valid!</p>';
return false;	
} elseif (strlen($uname) && (strlen($pwd) < '6' )) {
echo '<p class="error">Username or password must be minimum 6 characters!</p>';
return false;
} else {
$pwd = md5($pwd);
$query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pwd')";
mysql_query($query, $connect);
if (mysql_errno($connect)> 0) {
echo "The email address or username has already taken, choose another!";
} else {
echo '<p class="fail">Successful!</p>';
}
}
}
}
?>

 

:P:);D

 

I want to thank ALL OF YOU who took so much patience for helping me...ALL OF YOU, THANK YOU VERY MUCH! You have all responded nicely also and as a professional! THANK YOU ALL!  :P

Link to comment
Share on other sites

It may be working, but it really isn't ready to be used on a live web site.

 

You shouldn't be suppressing db connection errors with the @ operator. Those errors should be logged, at the very least.

The validation is cumbersome and redundant, yet incomplete. It could also be made more specific for better user-friendliness.

stripslashes should not be used without first determining that magic_quotes_gpc is on

Values that are to be hashed should left as-is, not escaped or otherwise manipulated

filter_var($, FILTER_VALIDATE_INT) on $firstname and $lastname probably isn't doing what you intended it to do

 

I'm not pointing out flaws to have a jab at you; only because you said you wanted to learn.

Link to comment
Share on other sites

So, what you suggest me to correct? Its good you are telling me my mistakes...as I want to correct myself...

 

The FILTER_VALIDATE_INT is doing its job well, I tested it... Huhh, for the striplashes, I have heard that turning Magic_gp ON is not recommended. For the '@', I see that doing that would not display the line if an error occurs. Well, I have learnt all of these in PHPAcademy, you know that guy who always do tutorials on YouTube...

 

Please, suggest me one by one about which to correct... and what I should do.... Thank you for telling my erros..its important to me to learn

Link to comment
Share on other sites

So, what you suggest me to correct? Its good you are telling me my mistakes...as I want to correct myself...

 

The FILTER_VALIDATE_INT is doing its job well, I tested it... Huhh, for the striplashes, I have heard that turning Magic_gp ON is not recommended. For the '@', I see that doing that would not display the line if an error occurs. Well, I have learnt all of these in PHPAcademy, you know that guy who always do tutorials on YouTube...

 

Please, suggest me one by one about which to correct... and what I should do.... Thank you for telling my erros..its important to me to learn

 

Pika has kindly laid out a list of things that should be done differently for you.

Take the time to research each of these things and solve them yourself.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.