Hi,
I have been testing my registration page. I have found that if you register a username with Toby or toby, they get added to mysql. I have been looking, but can't find the code that I need to use.
Do I need to send the data to mysql all lowercase? strtolower???
Any help would be great. Thanks.
Toby
What code is needed here?[solved]
Moderator: General Moderators
What code is needed here?[solved]
Last edited by toby_c500 on Mon May 21, 2007 11:20 am, edited 1 time in total.
This is my code.
Code: Select all
<?php
require 'main.inc.php';
$link = dbconnect();
$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());
$db = mysql_select_db('jobs4alltrades', $link);
$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
echo "<h1>Sorry</h1><br>That login name has been taken.";
exit;
}
if(!$link){
echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
exit;
}
else{
echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the the navigation bar at the top to look for jobs.";
}
if (!$db) die('could not select the database');
$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
trade, address1, address2, address3, address4,
postzip, country, yearsexp, about)
VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
'".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
'".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
'".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";
$result = mysql_query($insert, $link) or die("Query: $insert\n<br /.> MySQL Error: " . mysql_error());
exit;
?>Code: Select all
<?php
require 'main.inc.php';
$link = dbconnect();
$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());
$db = mysql_select_db('jobs4alltrades', $link);
$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
echo "<h1>Sorry</h1><br>That login name has been taken.";
exit;
}
if(!$link){
echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
exit;
}
else{
echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the the navigation bar at the top to look for jobs.";
}
if (!$db) die('could not select the database');
/**
* You need to preform a look up to vaildate the user name. Something like 'SELECT COUNT(*) as count FROM members WHERE loginid = "'.mysql_escape_string($loginid).'"';
* Then you can check to see if there is some one in your db with the requested loginid. BTW your $_POST variables need to be escaped with mysql_escape_string.
*/
$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
trade, address1, address2, address3, address4,
postzip, country, yearsexp, about)
VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
'".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
'".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
'".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";
$result = mysql_query($insert, $link) or die("Query: $insert\n<br /.> MySQL Error: " . mysql_error());
exit;
?>- maliskoleather
- Forum Contributor
- Posts: 155
- Joined: Tue May 15, 2007 2:19 am
- Contact:
I'm not the greatest with sql, but i think you can set a column as unique, and that will error out if you try to add another row with the same value. (can anyone with better sql expierience confirm that?)
Its better practice though to just do as mentioned above and search for the name, and then not even attempt to add it. Plus, that way you can error out, knowing what caused it... and not just have some random 'did not work' error.
Its better practice though to just do as mentioned above and search for the name, and then not even attempt to add it. Plus, that way you can error out, knowing what caused it... and not just have some random 'did not work' error.