Page 1 of 1

unique email validation: calling SQL from JS?

Posted: Wed Jan 19, 2011 12:25 pm
by sonogreen
Hi:

I have a registereduser table with unique "username" and "email". How can I validate that "uniqueness" in a Javascript call?

I have an email field in "registeredusers" and an email field in the form. Then on "Submit" call the following JS:

Code: Select all

<?php
	$email_taken = 0;
	$email = trim(get_param('email'));
	if (!empty($email))
	{
		$strSQL = "select email from registeredusers where email = ".$email;
		$db->query($strSQL);
		if($db->next_record())
		{
			$email_taken = 1;
		}
	}
?>		
	if(<?php echo $email_taken;?>")
	{
		alert("This email address is already taken. Please choose a different email");
		document.getElementById("email").focus();
		return false;
	}
However, this is not working. How can I make it work?
Your help is appreciated.
Thanks
Thomas

Re: unique email validation: calling SQL from JS?

Posted: Wed Jan 19, 2011 1:34 pm
by AbraCadaver
Actually, if it set as UNIQUE in the DB, then the insert should fail and then you can redirect back to the form or on the processing page you can do a select to see if it exists and then redirect back to the form, either way.

If you can't do that then AJAX. This is just an example (not tested) and you need to make sure you add some sanitization / other checks before querying the DB and also encode the data being sent from the javascript:

Code: Select all

<html>
<head>
<script type="text/javascript">
function checkReg() {
    email = document.reg.email.value;
    xhttp = new XMLHttpRequest();
    xhttp.open("GET", "http://example.com/checkreg.php?email="+email, false);
    xhttp.send();
    response = xhttp.responseText;

    if(response == 0) {
        return true;
    } else {
        alert("This email address is already taken. Please choose a different email");
        document.getElementById("email").focus();
        return false;
    }
}
</script>
</head>

<body>
<form name="reg" action="reg.php" onsubmit="checkReg()">
<input type="text" name="username" />
<input type="text" name="email" />
<input type="submit" value="Submit" />
</form>

</body>
</html>
checkreg.php

Code: Select all

<?php
$username = $_GET['username'];
$email = $_GET['email'];
// connect to db
// SELECT count(*) FROM registereduser WHERE email='$email' LIMIT 1
// fetch $row
echo $row['count'];
?>

Re: unique email validation: calling SQL from JS?

Posted: Thu Jan 20, 2011 4:09 pm
by sonogreen
Hi AbraCadaver:

Thanks for the quick response. Even better, it is working on my page.

I do have question regarding the "COUNT(*)" select.

The previous developer used the DB_Sql class to implement all DB calls.

When I use the "Select Count" with DB_SQL it does not work, when I call "db1->f('count'), do you have any idea on how to use COUNT with DB_Sql?

I made it work with a regular "Select * from" and then check if the row count is above 0. It would be nice to know for the future. There should be also a performance difference between the 2, please correct me if I am wrong.

Here's the JS code that I actually used:

Code: Select all

    
    var email = document.form1.email.value;
    var xhttp = new XMLHttpRequest();
    xhttp.open("GET", "checkunique.php?email="+email, false);
    xhttp.send();
    var isTaken = xhttp.responseText;
    if (isTaken > 0)
    {
        alert("This email address is already taken. Please choose a different email");
        document.getElementById("email").focus();
        return false;
    }
The PHP that is called looks like that, the COUNT is commented out.

Code: Select all

<?php
	session_start();
	include("includes/common.php");

	$isTaken = 0;

/*
        // this one is not working...
	if($_GET['email'])
	{
		$email = $_GET['email'];
	
		$sql = "select count(*) from registeredusers where email='".$email."'";
		$db1->query($sql);
		$db1->next_record();
		$isTaken = $db1->f('count');
	}
*/
        // this one is working
	if($_GET['email'])
	{
		$email = $_GET['email'];
	
		$sql = "select * from registeredusers where email='".$email."'";
		$db1->query($sql);
		$isTaken = $db1->num_rows();
	}
	echo $isTaken;
?>
Thanks again.
Regards
Thomas