What code is needed here? [solved]
Posted: Sun May 20, 2007 3:16 pm
by toby_c500
Hi,
I have been testing my registration page. I have found that if you register a username with Toby or toby, they get added to mysql. I have been looking, but can't find the code that I need to use.
Do I need to send the data to mysql all lowercase? strtolower???
Any help would be great. Thanks.
Toby
Posted: Sun May 20, 2007 3:53 pm
by neophyte
You'll need to check your database to be sure they're not there before they're added. But post more details please.
Posted: Sun May 20, 2007 4:02 pm
by toby_c500
This is my code.
<?php
require 'main.inc.php';
$link = dbconnect();
$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());
$db = mysql_select_db('jobs4alltrades', $link);
$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
echo "<h1>Sorry</h1><br>That login name has been taken.";
exit;
}
if(!$link){
echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
exit;
}
else{
echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the navigation bar at the top to look for jobs.";
}
if (!$db) die('could not select the database');
$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
trade, address1, address2, address3, address4,
postzip, country, yearsexp, about)
VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
'".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
'".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
'".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";
$result = mysql_query($insert, $link) or die("Query: $insert\n<br /> MySQL Error: " . mysql_error());
exit;
?>
Posted: Sun May 20, 2007 4:15 pm
by neophyte
<?php
require 'main.inc.php';
$link = dbconnect();
$loginid = mysql_real_escape_string($_POST['loginid'], $link) or die(mysql_error());
$password = mysql_real_escape_string($_POST['password'], $link) or die(mysql_error());
$db = mysql_select_db('jobs4alltrades', $link);
$query = "SELECT loginid FROM members WHERE `loginid`='$loginid'";
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
echo "<h1>Sorry</h1><br>That login name has been taken.";
exit;
}
if(!$link){
echo "<h1>Sorry,</h1><br>We are having a few problems with our system. Please try again later. link";
exit;
}
else{
echo "<h1>Welcome</h1><br>Your details have been stored in our database. Use the navigation bar at the top to look for jobs.";
}
if (!$db) die('could not select the database');
/**
* You need to perform a lookup to validate the user name. Something like 'SELECT COUNT(*) as count FROM members WHERE loginid = "'.mysql_escape_string($loginid).'"';
* Then you can check to see if there is someone in your db with the requested loginid. BTW your $_POST variables need to be escaped with mysql_escape_string.
*/
$insert = "INSERT INTO members (loginid, password, firstname, surname, email,
trade, address1, address2, address3, address4,
postzip, country, yearsexp, about)
VALUES ('".$_POST['loginid']."', '".$_POST['password']."', '".$_POST['firstname']."',
'".$_POST['surname']."', '".$_POST['email']."', '".$_POST['trade']."', '".$_POST['address1']."',
'".$_POST['address2']."', '".$_POST['address3']."','".$_POST['address4']."', '".$_POST['post']."',
'".$_POST['country']."','".$_POST['yearsexp']."','".$_POST['about']."')";
$result = mysql_query($insert, $link) or die("Query: $insert\n<br /> MySQL Error: " . mysql_error());
exit;
?>
I added my comments to your code.
Posted: Sun May 20, 2007 7:20 pm
by maliskoleather
I'm not the greatest with sql, but I think you can set a column as unique, and that will error out if you try to add another row with the same value. (Can anyone with better sql experience confirm that?)
It's better practice though to just do as mentioned above and search for the name, and then not even attempt to add it. Plus, that way you can error out, knowing what caused it... and not just have some random 'did not work' error.
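An added example, not code from any poster in this thread: a unique, case-insensitive loginid column combined with a prepared INSERT, where the duplicate-key error is caught and reported as a specific "name taken" result. Letting the database enforce uniqueness also covers two registrations arriving between a SELECT check and the INSERT. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the members table is cut down to three columns, and register_member is a hypothetical helper name.

```php
<?php
// Added example. Constructed stand-in: in-memory SQLite with a cut-down members table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE + case-insensitive collation: 'Toby' and 'toby' are the same key.
$pdo->exec('CREATE TABLE members (
    loginid  TEXT NOT NULL COLLATE NOCASE UNIQUE,
    password TEXT NOT NULL,
    email    TEXT NOT NULL
)');

// Hypothetical helper: true if stored, false if the login name is taken.
function register_member(PDO $pdo, array $post): bool
{
    $loginid  = trim((string)($post['loginid'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $email    = trim((string)($post['email'] ?? ''));
    if ($loginid === '' || $password === '') {
        throw new InvalidArgumentException('loginid and password are required');
    }
    // Placeholders keep the values out of the SQL text, so quotes in input are just data.
    $stmt = $pdo->prepare(
        'INSERT INTO members (loginid, password, email) VALUES (:loginid, :password, :email)'
    );
    try {
        $stmt->execute([
            ':loginid'  => $loginid,
            ':password' => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the password
            ':email'    => $email,
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, here the duplicate loginid.
        if ((string)$e->getCode() === '23000') {
            return false;
        }
        throw $e; // anything else is a real failure
    }
}

// Constructed sample submissions.
$samples = [
    ['loginid' => 'Toby',    'password' => 'pw-one',   'email' => 'toby@example.com'],
    ['loginid' => 'toby',    'password' => 'pw-two',   'email' => 'other@example.com'],
    ['loginid' => "O'Brien", 'password' => 'pw-three', 'email' => 'ob@example.com'],
];
foreach ($samples as $post) {
    $ok = register_member($pdo, $post);
    echo $post['loginid'], ': ', $ok ? 'registered' : 'login name taken', PHP_EOL;
}
```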
Posted: Mon May 21, 2007 11:20 am
by toby_c500
BRILLIANT. Thanks so much guys. That's made it a lot clearer. I appreciate your wisdom. Thanks again.