Jump to content

[SOLVED] Prob. compairing mysql result with $_POST result


Greaser9780

Recommended Posts

I have mysql select a name from the db. Then I compare it to the $_POST name. If they match it is supposed to alert the user of this then redirect them to the join form again. The problem is no matter how many times the name is in the db it keeps allowing it to be re-registered again. Here is that section of code:

 

 

$sql = "SELECT clan_name FROM bhdsingle ";

$result= mysql_query($sql, $connection) or die(mysql_error());

  if ($result = $clan_name ) {

        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';

        include('bhdsingle_join_form.html');

    exit;

}

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)

        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();

   

    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';

 

 

 

?>

 

Link to comment
Share on other sites

<?php

$clan_name = $_POST['clan_name'];

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection) or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
}   
        include('bhdsingle_join_form.html');
    exit;
}

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';



?>

 

Hope that helps =]

Link to comment
Share on other sites

That's telling you that you are inserting data in a unique table column that already exists.

 

So, if you set 'email' to be unique and already have poco@hotmail.com in a previous row, you can't submit a form with poco@hotmail.com again.

 

You should run some validation on the data before trying to put it into the db.

Link to comment
Share on other sites

Can you post (in addition to your current code) the exact data you are using to test with?  It may make a difference, as you have not escaped your data.  You should be using mysql_real_escape_string() on every string that is headed for the database.  You may also need to use urldecode() first.  Something like this:

 

$name = urldecode($_POST['name']);
$name_esc = mysql_real_escape_string($name);
$sql = "INSERT ... '$name_esc' ...";

Link to comment
Share on other sites

Here is the entire code for this script:

 

<?php

session_start();

$dbhost = '----';

$dbusername = '----';

$dbpasswd = '----';

$database_name = '----';

 

#under here, don't touch!

$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd") 

    or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)

    or die("Couldn't select database.");

 

array_pop($_POST);

if ( get_magic_quotes_gpc() ) {

    $_POST= array_map('stripslashes', $_POST);

}

$clan_name = mysql_real_escape_string(trim($_POST['clan_name']));

$logo = mysql_real_escape_string(trim($_POST['logo']));

$message = mysql_real_escape_string(trim($_POST['message']));

$email = mysql_real_escape_string(trim($_POST['email']));

$aim = mysql_real_escape_string(trim($_POST['aim']));

$yahoo = mysql_real_escape_string(trim($_POST['yahoo']));

$msn = mysql_real_escape_string(trim($_POST['msn']));

 

if ((!$clan_name)){

    $message = "info";

    if (!$clan_name) {

      $error = "clan_name";

echo 'b';

 

      include('bhdsingle_join_form.html');

  exit;

}

 

 

 

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";

$result= mysql_query($sql, $connection)  or die(mysql_error());

 

  if (mysql_num_rows($result) > 0 ) {

        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';

}

        include('bhdsingle_join_form.html');

    exit;

}

 

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)

        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

 

$clan_id = mysql_insert_id();

 

    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';

 

 

?>

Link to comment
Share on other sites

Just for fun change the last part to this:

 

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
}
        include('bhdsingle_join_form.html');
    
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';
}

Link to comment
Share on other sites

Now the page just turns white completely and no text.Syntax error?

 

Fixed the above. Now it's letting me add the clan name that is already registered again.

If  I set the row to be unique in the db while having 2 of the same name already present I get the exact same error in my phpmyadmin page.

So I am thinking that my script is disregarding the clan_name precheck and trying to write it to the db anyway.

Link to comment
Share on other sites

Ok, then try this:

 

$sql = "SELECT * FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
        include('bhdsingle_join_form.html');
        exit;
    
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';
}

Link to comment
Share on other sites

but arnt you getting the id from the database then throwing back in then it duplacates the same entry.

 

 

read this please cheers.

 

mysql_insert_id — Get the ID generated from the previous INSERT operation

 

 

GET RID OF THE CLAN_ID USING MYSQL_INSERT_ID(): ok

Link to comment
Share on other sites

Let's experiment and get rid of some things that aren't absolutely needed. Try this:

 

$sql = "SELECT * FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo "Sorry, that clan name is already registered here at PST. Please  choose another clan name.";
        include("bhdsingle_join_form.html");
         
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', 'now())'") or die (mysql_error());

    echo "Congratulations on registering your new clan for the BHD Singles Ladder!";
}

 

 

As a footnote, IF your database fields and params aren't set up properly then the code won't work as laid out.

Link to comment
Share on other sites

You don't need to set it as unique if you're going to validate it in the code. You're already checking that with the 'if' statement.

 

Also, get in the habit of using double quotes for your echo statements. That way you can have other characters in the text. Single quotes restricts you.

Link to comment
Share on other sites

I put the table back the way it was. Which is the way you suggested.

And when I try changing the code to your most recent attempt it turns the screen all white.

No clue what that means.

 

It seems as if there is an error with it selecting the info and comparing because when it actually completes the page it skips right over the echo that it should be stating

Link to comment
Share on other sites

fill out the database information please.

 

you dont use a query varable name twice ok.

 

<?php
$database=mysql_connect("localhost","username","password");
$mysql_select_db( "database_name" , $database);


$clan_name=addslashes($_POST['clan_name']);
$logo=addslashes($_POST['logo']);
$message=addslashes($_POST['message']);
$email=addslashes($_POST['email']);
$aim=addslashes($_POST['aim']);
$yahoo=addslashes($_POST['yahoo']);
$msn=addslashes($_POST['msn']);


$sql_select = "SELECT * FROM `bhdsingle` WHERE `clan_name`='$clan_name' ";
$result= mysql_query($sql_select) or die(mysql_error());

  if (mysql_num_rows($result) == 1 ) {
       echo "Sorry, that clan name is already registered here at PST. Please  choose another clan name.";
       include("bhdsingle_join_form.html");
        
} else {

if($_POST['submit']){

$sql = "INSERT INTO `bhdsingle` (clan_name, logo, message, email, aim, yahoo, msn, signup_date
       VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', 'now() )" or die (mysql_error());
$sql_result=mysql_query($sql)or die(mysql_error());

   echo "Congratulations on registering your new clan for the BHD Singles Ladder!";
}
}
?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.