Page 1 of 1

HELP with submitting information only once

Posted: Sat Aug 30, 2003 9:07 am
by tsm4781
I am trying to setup a user control panel where if a user logs in, they can post their name/information to an alumni and currrent member database. I have setup the database correctly, and have built an administration system to update it, but for the user control panel, I want them to only be able to submit their data once, and then receive an error stating that their name is already in the database. They can update their information, but never duplicate it. Below is the code I am trying to use, but I believe I am missing a step.

FROM CP.PHP

Code: Select all

if ($_POSTї'action'] == 'addalumni')
	{

			$name = $_POSTї'name'];
			$email = $_POSTї'email'];
			$city = $_POSTї'city'];
			$state = $_POSTї'state'];
			$yearbegin = $_POSTї'yearbegin'];
			$yearend = $_POSTї'yearend'];			
			$query = "INSERT into alumni values (NULL,'$name','$email','$city','$state','$yearbegin','$yearend')";
			$result = mysql_query($query);
			$p = 3;

			if ($name == $name)
					{
						$table = "alumni";
						$query = "SELECT * FROM $table WHERE name='$name'";
						$result = mysql_query($query);
						$numrows = mysql_num_rows($result);
					}
						if ($numrows > 0)
					{
					$errormsg = "<font color ='#FF0000'>You Have Already Entered Your Information!</font>";
					&#125;
				&#125;
			&#125;
Also on the include page of the control panel, I populate the fields of the form with their user information they entered upon signup

Code: Select all

<?PHP
	include_once("db.inc.php");
	
	mysql_connect($db_host,$db_user,$db_pass) or DIE("Could not connect to DB Server");
	mysql_select_db("$db_name") or DIE("Could not find DB on Server");
	
	$query = "SELECT * FROM members WHERE username = '$IYOY_USER'";
	$result = mysql_query($query);
	
	
	if (mysql_num_rows($result) > 0)
	&#123;	
		$row = mysql_fetch_array($result);
		extract($row);
	&#125;	

?>

<title>Update Member Information</title><table width="100%" border="0" cellspacing="5" cellpadding="0">
	<tr> 
	  <td valign="top" align="center"><form name="addalumni" method="post" action="<?PHP echo "$PHP_SELF"; ?>">
        <table width="100%" border="0" cellspacing="2" cellpadding="3">
          <tr> 
            <td colspan="2"><b><font face="Verdana, Arial, Helvetica, sans-serif" size="3">Add 
              Your Info To The Alumni Directory: 
              <?PHP echo $errormsg; ?>
              </font></b></td>
          </tr>
          <tr> 
            <td colspan="2">If all of the information is correct, please click 
              submit. You will need to enter the year you began at IV and the 
              year you ended.</td>
          </tr>
        </table>
        <table width="100%" border="0" cellspacing="1" cellpadding="3" bgcolor="#CCCCCC">
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Username:</b></td>
            <td width="70%"> 
              <?PHP echo "$IYOY_USER"; ?>
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Name:</b></td>
            <td width="70%"> 
              <input name="fname" type="text" id="fname" value="<?PHP echo "$firstname"; ?> <?PHP echo "$lastname"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Email:</b></td>
            <td width="70%"> 
              <input name="email" type="text" id="email" value="<?PHP echo "$email"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>City/State/Zip</b></td>
            <td width="70%">
              <input name="city" type="text" id="city" value="<?PHP echo "$city"; ?>">
              <input name="state" type="text" id="state" value="<?PHP echo "$state"; ?>" size="2" maxlength="2">
              <input name="zip" type="text" id="zip" value="<?PHP echo "$zip"; ?>" size="5" maxlength="5">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Year Begin::</b></td>
            <td width="70%">
              <input name="yearbegin" type="text" id="yearbegin" value="<?PHP echo "$yearbegin"; ?>">
            </td>
          </tr>
          <tr bgcolor="e7e7e7"> 
            <td width="30%"><b>Year End:</b></td>
            <td width="70%">
              <input name="yearend" type="text" id="yearend" value="<?PHP echo "$yearend"; ?>">
            </td>
          </tr>
          <tr> 
            <td height="15" colspan="2" align="center" bgcolor="#4A6588"> 
              <input name="action" type="hidden" value="addalumni">
              <input name="id" type="hidden" value="<?PHP echo "$id"; ?>">
              <input name="Submit" type="submit" id="Submit" value="Submit">
              <input type="reset" name="Reset" value="Reset">
            </td>
          </tr>
        </table>
		</form> 
		
	  </td>
	</tr>
</table>
Something in the cp.php code isn't right as it isn't even adding to the database at all to even check for the error. Can someone help?

Posted: Sat Aug 30, 2003 10:05 am
by JAM

Code: Select all

if ($name == $name)
This will probably result in true every time you run the script...

Besides that, you could move the part where you "SELECT * FROM $table WHERE name='$name'", to before the INSERT above...

Posted: Sat Aug 30, 2003 10:17 am
by Drachlen
Moving it up wont stop it from inserting again though, so what you will want to do is put the insert stuff into an if:

Code: Select all

<?php
   if ($_POST['action'] == 'addalumni'){ 

	   $table = "alumni";
	   $query = mysql_query("SELECT * FROM $table WHERE name='$name'");
		
		if(mysql_num_rows($query) <= 0){
			 $name = $_POST['name']; 
			 $email = $_POST['email']; 
			 $city = $_POST['city']; 
			 $state = $_POST['state']; 
			 $yearbegin = $_POST['yearbegin']; 
			 $yearend = $_POST['yearend'];          
			 $query = "INSERT into alumni values (NULL,'$name','$email','$city','$state','$yearbegin','$yearend')"; 
			 $result = mysql_query($query); 
			 $p = 3; 

		}else{
		$errormsg = "<font color ='#FF0000'>You Have Already Entered Your Information!</font>"; 
		}
   }
?>

Posted: Sat Aug 30, 2003 10:26 am
by JAM
Of course not. I wasn't clear enough, as I personally thought it was obvious with an if-then-else line (or similiar) combining it.

Bad of me.

Posted: Sat Aug 30, 2003 7:21 pm
by m3rajk
oreilly suggests making a unique feild and generating a unique id in the form. then you check for that before you enter

Posted: Sat Aug 30, 2003 8:03 pm
by tsm4781
thanks... it works very well!