2 sql entries when only 1 is wanted

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
bfis108137
Forum Newbie
Posts: 3
Joined: Wed Feb 07, 2007 10:39 am

2 sql entries when only 1 is wanted

Post by bfis108137 »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


This is my php code.  It comes from a post form on another page.  When it is run, the information gets put into my dbase twice.  I for the life of me can't figure it out why.  Maybe someone could help?

Code: Select all

<?php

include "header.php";
require_once "connection.php";
mysql_select_db("baruchha_heb", $con);


$user=$_POST['username'];
$query1="SELECT * from users WHERE username ='" . $user . "'";
$result1 = mysql_query($query1);
$rows1 = mysql_num_rows($result1);
$pass=$_POST['password'];
$lname=$_POST['lastname'];
$fname=$_POST['firstname'];
$email=$_POST['email'];
$ques=$_POST['question'];
$ans=$_POST['answer'];


if ($_POST['submit']=="submit"){
if ($rows1==0){


do{
$joinid=rand(1,30000);
$query2="SELECT * from users WHERE joinid=" . $joinid;
$result2 = mysql_query($query2);
$rows2 = mysql_num_rows($result2);
} while ($rows2 == 1);

$pass1=md5($pass);
$val="('$user', '$pass1', '$lname', '$fname', '$email', $joinid, (NOW()), '$ques', '$ans')";
$query=("INSERT INTO users (username, password, last, first, email, joinid, datejoined, question, answer) 
VALUES " . $val);
echo $query;
mysql_query($query);
if (!mysql_query($query,$con))
  {
  die('Error: ' . mysql_error());
  }
$_SESSION['query']="ran";

//$val="(NOW(), '$card1en', '$card2', 17, $rand, $user)";
//mysql_query("INSERT INTO main (dateadded, side1, side2, stage, rand, user) 
//VALUES " . $val);

  mail ( $email, "Your new baruchhabachur.com's login and activation info", "<html><body>Shalom from Israel<br>,
Here is your login information<br> 
Your username is " . $user . 
"<br>Your password is " . $pass . 
"<br>In order to use your account you must activate it.  Please click the following link or copy and paste it into 
your browser.<br><br><a href=\"www.baruchhabachur.com/flash/activate.php?join=" . $joinid. "\">Click here to activate</a></body></html>");

}


	echo "Please check your inbox in order to activate your new account";
	echo "<br>" . $val;
	 
}
if($rows1!=0){
	echo "This username has already been taken.  
	<br>Please <a href=\"join.php\">Choose</a> another one";
}
	?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

This appears to be the reason

Code: Select all

mysql_query($query);
if (!mysql_query($query,$con))
You are calling mysql_query twice.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm noting several issues unrelated to the posted question:
  • SQL injection potential is very high
  • Checking for the submit button
  • potential (although probability small) of an infinite loop involving $joinid
  • session_start() doesn't appear to be called
  • the mail will be sent in plain-text
Post Reply