Avoid duplicate form entries

I have a php code for a sign up form, it stores the details to a table(temp_members_db), then sends a confirmation code to the email entered. If the code is clicked, the details from temp_members_db is transferred to a new table registered_members, from which login details are checked if a user logs in.

The problem is related to the signup code, how can I avoid duplication of emails and username? My code is:

[php]

<?php include('config.php'); $tbl_name=temp_members_db; $confirm_code=md5(uniqid(rand())); $name=$_POST['name']; $email=$_POST['email']; $password=$_POST['password']; $password_confirm=$_POST['password_confirm']; $sql="INSERT INTO $tbl_name(confirm_code, name, email, password)VALUES('$confirm_code', '$name', '$email', '$password')"; $result=mysql_query($sql); if ($password != $password_confirm) { echo "Password do not match"; } else if ($result) { $to=$email; $subject="Your confirmation link here"; $header="from: Name "; $message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n"; $message.="http://[email protected]/confirmation.php?passkey=$confirm_code"; $sentmail = mail($to,$subject,$message,$header); } else { echo "Email not found"; } if($sentmail){ echo "Your Confirmation link Has Been Sent To Your Email Address."; } else { echo "
Cannot send Confirmation link to your e-mail address"; } ?>

[/php]

Thanks

[php]
else {
echo “
Cannot send Confirmation link to your e-mail address”;
}
[/php]

There are two ways to do it. However, they eventually both boil down to the same code on the MySQL end.

Your request does not change. In the first method, you explicitely SELECT to see if there are rows that match, like this:

[php]$sql=“SELECT email FROM $tbl_name WHERE email=’”.mysql_real_escape_string($email)."’ OR name=’".mysql_real_escape_string($name)."’";
$r = mysql_query($sql) or throw new Exception(mysql_error());
if (mysql_num_rows($r)) {
// You have a duplicate
}[/php]

The other is to set a UNIQUE index in MySQL on the name column, and another UNIQUE index on the email column. This will cause your INSERT to fail if there is a duplicate - so instead of doing an explicit SELECT request, you’ll be checking for errors on your INSERT query.

I made the fields unique, still it sends the email o the entered email…

I told you, you need to modify your script to watch for errors returned from mysql_query. If mysql_query fails, it returns false. You need to explicitely check for this:

I’m pretty new to php, can you please explain me with few more steps…
Thank you

Your code should already branch out of sending the email. Are you sure you’ve set name and email SEPARATELY as unique indices? If not, you’ll have a problem.

Yes, i made the email and name column unique in temp_members_db through phpmyAdmin

Did you check both and then click UNIQUE? If so, you created a composite index on (name, email), NOT two indices. This is completely different - it will match unique (name, email) pairs, not separate values.

Check one, click unique. Go back, check the other, click unique.

Yes, I did that mistake, it works now.

But it echos ‘Email not found’ for both conditions, i.e if email already exist and username already exist. How can I add separate error message?

You need to change the order of the if/else statements you have. Right now, it’s a bit of a jumbled mess Consider using exceptions, like so:

[php]
include(‘config.php’);

try {
$tbl_name=temp_members_db;
$confirm_code=md5(uniqid(rand()));

$name=$_POST['name']; $email=$_POST['email']; $password=$_POST['password']; $password_confirm=$_POST['password_confirm'];

if ($password != $password_confirm) throw new Exception("Passwords do not match");

$sql="INSERT INTO $tbl_name(confirm_code, name, email, password)VALUES('$confirm_code', '$name', '$email', '$password')";
$result=mysql_query($sql);
if (!$result) throw new Exception("Already found in DB");

$to=$email;
$subject="Your confirmation link here";
$header="from: Name <[email protected]>";
$message="Your Comfirmation link \r\n"; $message.="Click on this link to activate your account \r\n";
$message.="http://[email protected]/confirmation.php?passkey=$confirm_code";
$sentmail = mail($to,$subject,$message,$header);
if (!$sentmail) throw new Exception("Cannot send Confirmation link to your e-mail address");
echo "Your Confirmation link Has Been Sent To Your Email Address.";

} catch (Exception $e) {
echo $e->getMessage();
}[/php]

It is worth noting that using throw halts your current code execution and goes to the nearest encapsulating try/catch block. So, the moment you throw your exception, the code does not run anymore. This allows you to make your code so much more readable.

This doesn’t show separate errors, but will do.

Thanks a lot. Love this forum

And just one more thing, it accepts duplicates if the password field is left empty, how do i make it as a required field?

[php]if (!empty(trim($password))) { }[/php]

The trim() is to strip spaces from the left and right of the string.

I added it below $password != $confirm_password
it shows an error :
“Can’t use function return value in write context”

Sorry, my bad. I’m using a modified version of PHP in development to clear this specific error and forgot about it.

$password = trim($_POST[‘password’]);

From there, you can just check if $password is empty without the need to trim it again.

if $password = trim($_POST['password']) throw new Exception("Password can't be left empty");

Is this what i should add? Because I added this and it’s still accepting blank password field.

Think in terms of the syntax. a single equal means “assign”. Two equals (or three, with some differences) means “compare”.

What you’ve got to add is:
[php]$password = trim($_POST[‘password’]);
if (empty($password)) throw new Exception(“Password can’t be left empty”);[/php]

Works great! Thanks a lot!