[SOLVED] Prob. compairing mysql result with $_POST result

[Greaser9780]

I have mysql select a name from the db. Then I compare it to the $_POST name. If they match it is supposed to alert the user of this then redirect them to the join form again. The problem is no matter how many times the name is in the db it keeps allowing it to be re-registered again. Here is that section of code:

 

 

$sql = "SELECT clan_name FROM bhdsingle ";

$result= mysql_query($sql, $connection) or die(mysql_error());

  if ($result = $clan_name ) {

        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';

} 

        include('bhdsingle_join_form.html');

    exit;

}

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)

        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();

   

    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';

 

 

 

?>

 

[pocobueno1388]

<?php

$clan_name = $_POST['clan_name'];

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection) or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
}   
        include('bhdsingle_join_form.html');
    exit;
}

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';



?>

 

Hope that helps =]

[Greaser9780]

Now it states the following:

 

Duplicate entry 'the name I am using' for key 2

 

but it's not displaying my echo or restting the form.

 

[Greaser9780]

Can anyone else take a stab at this?

[benjaminbeazy]

whats the exact doe your using now? and what is the exact error your're getting?

[jajtiii]

That's telling you that you are inserting data in a unique table column that already exists.

 

So, if you set 'email' to be unique and already have [email protected] in a previous row, you can't submit a form with [email protected] again.

 

You should run some validation on the data before trying to put it into the db.

[btherl]

Can you post (in addition to your current code) the exact data you are using to test with?  It may make a difference, as you have not escaped your data.  You should be using mysql_real_escape_string() on every string that is headed for the database.  You may also need to use urldecode() first.  Something like this:

 

$name = urldecode($_POST['name']);
$name_esc = mysql_real_escape_string($name);
$sql = "INSERT ... '$name_esc' ...";

[Greaser9780]

Here is the entire code for this script:

 

<?php

session_start();

$dbhost = '----';

$dbusername = '----';

$dbpasswd = '----';

$database_name = '----';

 

#under here, don't touch!

$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd") 

    or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)

    or die("Couldn't select database.");

 

array_pop($_POST);

if ( get_magic_quotes_gpc() ) {

    $_POST= array_map('stripslashes', $_POST);

}

$clan_name = mysql_real_escape_string(trim($_POST['clan_name']));

$logo = mysql_real_escape_string(trim($_POST['logo']));

$message = mysql_real_escape_string(trim($_POST['message']));

$email = mysql_real_escape_string(trim($_POST['email']));

$aim = mysql_real_escape_string(trim($_POST['aim']));

$yahoo = mysql_real_escape_string(trim($_POST['yahoo']));

$msn = mysql_real_escape_string(trim($_POST['msn']));

 

if ((!$clan_name)){

    $message = "info";

    if (!$clan_name) {

      $error = "clan_name";

echo 'b';

 

      include('bhdsingle_join_form.html');

  exit;

}

 

 

 

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";

$result= mysql_query($sql, $connection)  or die(mysql_error());

 

  if (mysql_num_rows($result) > 0 ) {

        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';

}

        include('bhdsingle_join_form.html');

    exit;

}

 

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)

        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

 

$clan_id = mysql_insert_id();

 

    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';

 

 

?>

[Greaser9780]

I also tried deleting the unique in my clan_name row in the db. If I do that it just continues letting you register the same name.

 

[simcoweb]

Just for fun change the last part to this:

 

$sql = "SELECT clan_name FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
}
        include('bhdsingle_join_form.html');
    
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';
}

[Greaser9780]

Now the page just turns white completely and no text.Syntax error?

 

Fixed the above. Now it's letting me add the clan name that is already registered again.

If  I set the row to be unique in the db while having 2 of the same name already present I get the exact same error in my phpmyadmin page.

So I am thinking that my script is disregarding the clan_name precheck and trying to write it to the db anyway.

[simcoweb]

Ok, then try this:

 

$sql = "SELECT * FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo 'Sorry, that clan name is already registered here at PST. Please  choose another clan name.';
        include('bhdsingle_join_form.html');
        exit;
    
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', now())") or die (mysql_error());

$clan_id = mysql_insert_id();
   
    echo 'Congratulations on registering your new clan for the BHD Singles Ladder!';
}

[Greaser9780]

Now the page just goes to all white again.

[redarrow]

but arnt you getting the id from the database then throwing back in then it duplacates the same entry.

 

 

read this please cheers.

 

mysql_insert_id — Get the ID generated from the previous INSERT operation

 

 

GET RID OF THE CLAN_ID USING MYSQL_INSERT_ID(): ok

[simcoweb]

Let's experiment and get rid of some things that aren't absolutely needed. Try this:

 

$sql = "SELECT * FROM bhdsingle WHERE clan_name='$clan_name' ";
$result= mysql_query($sql, $connection)  or die(mysql_error());

   if (mysql_num_rows($result) > 0 ) {
        echo "Sorry, that clan name is already registered here at PST. Please  choose another clan name.";
        include("bhdsingle_join_form.html");
         
} else {

$sql = mysql_query("INSERT INTO bhdsingle (clan_name, logo, message, email, aim, yahoo, msn, signup_date)
        VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', 'now())'") or die (mysql_error());

    echo "Congratulations on registering your new clan for the BHD Singles Ladder!";
}

 

 

As a footnote, IF your database fields and params aren't set up properly then the code won't work as laid out.

[Greaser9780]

should unique be set in my clan_name field or not?

[simcoweb]

You don't need to set it as unique if you're going to validate it in the code. You're already checking that with the 'if' statement.

 

Also, get in the habit of using double quotes for your echo statements. That way you can have other characters in the text. Single quotes restricts you.

[redarrow]

I see what going on now if you are not incrementing the id for the clans then yes the id of clan would of entred so your database is wrong.

 

Post your database as the code been provided is a correct programming code and looks good.

[Greaser9780]

Also could it be a prob that we are using '$clan_name' as what to get from the db but it is also the variable set for $_POST['clan_name']    ?

[Greaser9780]

Not sure on that I used phpmyadmin to configure it.

Clan_id is auto increment. Should I make clan_name auto?

[simcoweb]

You can't make a name 'auto-increment'. That refers to integers (numbers). Make sure your auto-incremented ID field is set to INT.

[Greaser9780]

I had Clan_id set with int and the primary function with auto-increment

I tried changing it to the unique function with auto increment and changing clan_name row by making it the primary but it didn't seem to do anything

[simcoweb]

Just make the Clan_id the primary and auto-increment. That way you can use the Clan_id in all types of queries since it's guaranteed to be unique.

[Greaser9780]

I put the table back the way it was. Which is the way you suggested.

And when I try changing the code to your most recent attempt it turns the screen all white.

No clue what that means.

 

It seems as if there is an error with it selecting the info and comparing because when it actually completes the page it skips right over the echo that it should be stating

[redarrow]

fill out the database information please.

 

you dont use a query varable name twice ok.

 

<?php
$database=mysql_connect("localhost","username","password");
$mysql_select_db( "database_name" , $database);


$clan_name=addslashes($_POST['clan_name']);
$logo=addslashes($_POST['logo']);
$message=addslashes($_POST['message']);
$email=addslashes($_POST['email']);
$aim=addslashes($_POST['aim']);
$yahoo=addslashes($_POST['yahoo']);
$msn=addslashes($_POST['msn']);


$sql_select = "SELECT * FROM `bhdsingle` WHERE `clan_name`='$clan_name' ";
$result= mysql_query($sql_select) or die(mysql_error());

  if (mysql_num_rows($result) == 1 ) {
       echo "Sorry, that clan name is already registered here at PST. Please  choose another clan name.";
       include("bhdsingle_join_form.html");
        
} else {

if($_POST['submit']){

$sql = "INSERT INTO `bhdsingle` (clan_name, logo, message, email, aim, yahoo, msn, signup_date
       VALUES('$clan_name', '$logo', '$message', '$email', '$aim', '$yahoo', '$msn', 'now() )" or die (mysql_error());
$sql_result=mysql_query($sql)or die(mysql_error());

   echo "Congratulations on registering your new clan for the BHD Singles Ladder!";
}
}
?>