I've been searching the mySQL manual a bit and the only thing I can think of is to do a preliminary search for the values the user inputs (for a contact list, for example) and if they exist, give the user other options.
Is there another way of doing this?
Check if the entry is already there?
Moderator: General Moderators
I thought I might have been too vague... 
But yea, that's the idea. If a user was to register on a site or sign up for a weekly e-newsletter, and store their info in a mySQL db. Then they forget or somethin and sign up again. I would like to make it so that I can return an error telling them they already signed up.

But yea, that's the idea. If a user was to register on a site or sign up for a weekly e-newsletter, and store their info in a mySQL db. Then they forget or somethin and sign up again. I would like to make it so that I can return an error telling them they already signed up.
I have a kind of weird style of doing queries and such, so bear with me...
Code: Select all
<?php
$error = 0;
$query = "SELECT * FROM users_information_table";
$result = mysql_query($query) or die("<P>Query failed: ".mysql_error());
while($line = mysql_fetch_array($result, MYSQL_ASSOC))
{
// Assuming the input field where the user entered their username
// is named 'username' and the input field for their e-mail is named
// 'email' you can do a lil somethin like this...
if($_POST['username'] == $line['username'])
{
// The user's requested name is equal to a username found in the
// table. Give an error! Ahh! This is also assuming the column
// in the table for holding the usernames is entitled 'username'
$error = 1;
echo "<P>The username you requested is already in use.</P>";
}
if($_POST['email'] == $line['user_email'])
{
// The user's requested e-mail that they entered in the form
// is equal to an e-mail that's already in the database
// so we must give an error.
$error = 1;
echo "<P>The e-mail address you requested is already in the database.</P>";
}
}
if(!$error)
{
// continue with registration and add them to the table!
}
?>Just a note, why do something in php wich the database is probably doing much better already? I recommend not doing the check's in php, let the database do the check instead.Goowe wrote:I have a kind of weird style of doing queries and such, so bear with me...
Code: Select all
<?php $query = "SELECT * FROM users_information_table"; ?>
Code: Select all
<?php
$query = "SELECT * FROM users_information_table WHERE username = ";
$query .= "'".$_POST['username']."' OR user_email = '";
$query .= $_POST['email']."'";
?>Another note. It's never good to pass user input directly to the database then you're woulnarable to sql-injection.
I'm not too clear on what you mean... I can see what you are talking about in extracting the username, email, etc with a WHERE clause, but this is fuzzy to me:

And as for SQL injection, what would you recommend?haagen wrote: ...why do something in php wich the database is probably doing much better already? I recommend not doing the check's in php...