2 sql entries when only 1 is wanted

Posted: Tue Feb 27, 2007 10:41 am
by bfis108137
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


This is my PHP code. It comes from a post form on another page. When it is run, the information gets put into my dbase twice. I can't for the life of me figure out why. Maybe someone could help?

Code: Select all

<?php

include "header.php";
require_once "connection.php";
mysql_select_db("baruchha_heb", $con);


$user=$_POST['username'];
$query1="SELECT * from users WHERE username ='" . $user . "'";
$result1 = mysql_query($query1);
$rows1 = mysql_num_rows($result1);
$pass=$_POST['password'];
$lname=$_POST['lastname'];
$fname=$_POST['firstname'];
$email=$_POST['email'];
$ques=$_POST['question'];
$ans=$_POST['answer'];


if ($_POST['submit']=="submit"){
if ($rows1==0){


do{
$joinid=rand(1,30000);
$query2="SELECT * from users WHERE joinid=" . $joinid;
$result2 = mysql_query($query2);
$rows2 = mysql_num_rows($result2);
} while ($rows2 == 1);

$pass1=md5($pass);
$val="('$user', '$pass1', '$lname', '$fname', '$email', $joinid, (NOW()), '$ques', '$ans')";
$query=("INSERT INTO users (username, password, last, first, email, joinid, datejoined, question, answer) 
VALUES " . $val);
echo $query;
mysql_query($query);
if (!mysql_query($query,$con))
  {
  die('Error: ' . mysql_error());
  }
$_SESSION['query']="ran";

//$val="(NOW(), '$card1en', '$card2', 17, $rand, $user)";
//mysql_query("INSERT INTO main (dateadded, side1, side2, stage, rand, user) 
//VALUES " . $val);

  mail ( $email, "Your new baruchhabachur.com's login and activation info", "<html><body>Shalom from Israel<br>,
Here is your login information<br> 
Your username is " . $user . 
"<br>Your password is " . $pass . 
"<br>In order to use your account you must activate it.  Please click the following link or copy and paste it into 
your browser.<br><br><a href=\"www.baruchhabachur.com/flash/activate.php?join=" . $joinid. "\">Click here to activate</a></body></html>");

}


	echo "Please check your inbox in order to activate your new account";
	echo "<br>" . $val;
	 
}
if($rows1!=0){
	echo "This username has already been taken.  
	<br>Please <a href=\"join.php\">Choose</a> another one";
}
	?>

Posted: Tue Feb 27, 2007 1:03 pm
by Begby
This appears to be the reason

Code: Select all

mysql_query($query);
if (!mysql_query($query,$con))

You are calling mysql_query twice.

Posted: Tue Feb 27, 2007 3:31 pm
by feyd
I'm noting several issues unrelated to the posted question:
  • SQL injection potential is very high
  • Checking for the submit button
  • potential (although probability small) of an infinite loop involving $joinid
  • session_start() doesn't appear to be called
  • the mail will be sent in plain-text
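
An added example, not part of any post in this thread: one way to do the insert so that it runs once, keeps user input out of the SQL text, and needs no rand() retry loop for the join id. Assumptions: PDO with an in-memory SQLite table stands in for the poster's MySQL `users` table (columns trimmed), `register_user` is a hypothetical helper, and `password_hash()` is used in place of `md5()` as a choice of this example.

```php
<?php
// Added example. A constructed schema in an in-memory SQLite database stands
// in for the poster's MySQL `users` table so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    email    TEXT NOT NULL,
    joinid   TEXT NOT NULL UNIQUE
)');

// Hypothetical helper: inserts one user, returns the join id, or null if taken.
function register_user(PDO $db, string $user, string $pass, string $email): ?string
{
    // Placeholders keep the values out of the SQL text, so a quote in
    // $user cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, email, joinid)
         VALUES (:u, :p, :e, :j)'
    );
    // 128-bit random id: no pick-and-recheck loop is needed; the UNIQUE
    // constraints are the backstop (also for two requests racing on a name).
    $joinid = bin2hex(random_bytes(16));
    try {
        // execute() is called exactly once; its exception is the error check.
        $stmt->execute([
            ':u' => $user,
            ':p' => password_hash($pass, PASSWORD_DEFAULT),
            ':e' => $email,
            ':j' => $joinid,
        ]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // integrity constraint violation
            return null;
        }
        throw $e;
    }
    return $joinid;
}

// Constructed inputs, including one that would break a concatenated query.
$hostile = "x' OR '1'='1";
var_dump(register_user($db, 'alice', 'pw1', 'alice@example.test') !== null); // new user
var_dump(register_user($db, 'alice', 'pw2', 'alice@example.test'));          // name taken
var_dump(register_user($db, $hostile, 'pw3', 'h@example.test') !== null);    // stored as text
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());     // row count
```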