jQuery Remote validation

Question

I have a problem with jQuery remote validation. I am checking if email is registered, remote validation works, but it display only values - true or false and I cant submit the form than.

jQuery code :

$("#form").validate({
  rules: {
    email: {
      required: true,
      email: true,
      remote: "check-email.php"

    }
  }
});

check-mail.php code :

$email = trim(strtolower($_REQUEST['email']));


$checkemail = mysql_query("SELECT * FROM users WHERE email = '".$email."'");  

if(mysql_num_rows($checkemail) == 1)
{
$valid = 'false';
}
else
{
$valid = 'true';
} //end of $checkemail if statemant


echo json_encode($valid);

Tomalak · Accepted Answer · 2011-03-03T08:30:01.517

13

$checkemail = mysql_query("SELECT * FROM users WHERE email = '".$email."'");

Never ever ever ever do this. This is asking for trouble: SQL injection, random errors (the single quote is valid in email addresses, BTW).

There are parameterized queries, use them. It's only a few lines more of code, but it is the difference between a security flaw as wide as a barn door and a safe database interaction.

if(mysql_num_rows($checkemail) == 1)
{
$valid = 'false';
}
else
{
$valid = 'true';
}

is a very verbose way of saying

$valid = mysql_num_rows($checkemail) == 1;

According to the docs, the response of remote validation is a JSON-encoded boolean, not a JSON-encoded string.

You have "true" or "false", which will become "\"true\"" or "\"false\"" through json_encode(), which is wrong. Actual true or false will become "true" or "false", which is correct.

Setting the response content type to JSON might also be a good idea:

header('Content-type: application/json');

edited Mar 03 '11 at 08:30

answered Mar 03 '11 at 08:06

Tomalak

332,285
67
532
628

1

Useless semantics, but it threw me for a second. I think you want: `$valid = mysql_num_rows($checkemail) == 0;` – Kijana Woodard Oct 26 '11 at 01:57
@Kijana I'm not sure what the "useless semantics" are here. And no, that's not what I mean. – Tomalak Oct 26 '11 at 06:51
The "useless semantics" is me bringing this up. `$valid = mysql_num_rows($checkemail) == 1;` - won't `$valid` be true when it equals 1 which is inverse of what the OP code says? – Kijana Woodard Nov 10 '11 at 22:43
I have no idea what `mysql_num_rows` does, so I'm just guessing. Was here for the jQuery not the server code. – Kijana Woodard Nov 10 '11 at 22:51
@Kijana Yes, `$valid` will be `true` when the server returns one row. Kinda makes sense that way to me. My assumption/educated guess was that the table contains valid addresses, not invalid ones. After all, there are finite valid strings and infinite invalid strings, so I suspected the OP got it wrong. Should have pointed that out, tho. – Tomalak Nov 11 '11 at 07:42

score 1 · Answer 2 · answered Mar 03 '11 at 08:02

1

It could be just returning strings when a boolean is required. Maybe try the following:

if(mysql_num_rows($checkemail) == 1)
{
$valid = false;
}
else
{
$valid = true;
}

answered Mar 03 '11 at 08:02

Ewan Heming

4,628
2
21
20

score 1 · Answer 3 · answered Mar 03 '12 at 07:28

For the folks who are not able to get the remote validation working using above technique, following are my two cents which could help ensure you are on right track.

1). It works with v1.6.1 and above only. Stick to latest version of jQuery http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

2). Opt for 'synchronous' remote execution, default being asynchronous. Set async to false.

$("#form").validate({
  rules: {
    email: {
      required: true,
      email: true,
      remote: { url:"check-email.php", async:false }
    }
  }
});

jQuery Remote validation

3 Answers3

Linked