What code is needed here?[solved]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
toby_c500
Forum Commoner
Posts: 50
Joined: Fri May 11, 2007 11:29 am
Location: Leeds, England

What code is needed here?[solved]

Post by toby_c500 »

Hi,

I have been testing my registration page. I have found that if you register a username with Toby or toby, they get added to mysql. I have been looking, but can't find the code that I need to use.

Do I need to send the data to mysql all lowercase? strtolower???

Any help would be great. Thanks.

Toby
Last edited by toby_c500 on Mon May 21, 2007 11:20 am, edited 1 time in total.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

You'll need to check your database to be sure they're not there before they're added. But post more details please.
toby_c500
Forum Commoner
Posts: 50
Joined: Fri May 11, 2007 11:29 am
Location: Leeds, England

Post by toby_c500 »

This is my code.

Code: Select all

<?php
require 'main.inc.php';
$link = dbconnect();

$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());


$db = mysql_select_db('jobs4alltrades', $link);

$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
        echo "<h1>Sorry</h1><br>That login name has been taken.";
        exit;
}	
if(!$link){
	echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
    exit;
}
else{
   	echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the the navigation bar at the top to look for jobs.";
}




if (!$db) die('could not select the database');



$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
                                                        trade, address1, address2, address3, address4,
                                                        postzip, country, yearsexp, about)
                               VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
                                                '".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
                                                '".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
                                                '".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";

$result = mysql_query($insert, $link) or die("Query: $insert\n<br /.> MySQL Error: " . mysql_error());
exit;

?>
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Code: Select all

<?php
require 'main.inc.php';
$link = dbconnect();

$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());


$db = mysql_select_db('jobs4alltrades', $link);

$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
        echo "<h1>Sorry</h1><br>That login name has been taken.";
        exit;
}	
if(!$link){
	echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
    exit;
}
else{
   	echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the the navigation bar at the top to look for jobs.";
}




if (!$db) die('could not select the database');

/**
 * You need to preform a look up to vaildate the user name. Something like 'SELECT COUNT(*) as count FROM members WHERE loginid = "'.mysql_escape_string($loginid).'"';
 * Then you can check to see if there is some one in your db with the requested loginid. BTW your $_POST variables need to be escaped with mysql_escape_string.
 */
$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
                                                        trade, address1, address2, address3, address4,
                                                        postzip, country, yearsexp, about)
                               VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
                                                '".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
                                                '".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
                                                '".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";

$result = mysql_query($insert, $link) or die("Query: $insert\n<br /.> MySQL Error: " . mysql_error());
exit;

?>
I added my comments to your code.
User avatar
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am
Contact:

Post by maliskoleather »

I'm not the greatest with sql, but i think you can set a column as unique, and that will error out if you try to add another row with the same value. (can anyone with better sql expierience confirm that?)

Its better practice though to just do as mentioned above and search for the name, and then not even attempt to add it. Plus, that way you can error out, knowing what caused it... and not just have some random 'did not work' error.
toby_c500
Forum Commoner
Posts: 50
Joined: Fri May 11, 2007 11:29 am
Location: Leeds, England

Post by toby_c500 »

BRILLIANT. Thanks so much guys. Thats made it a lot clearer. I appreciate four wisdom. Thanks again.
Post Reply