Prevent duplicate email address in PHP sign up form

Question

I've looked around the boards but there are no complete answers that I could find. I'm using PHP and MySQL to create and manage a volunteer sign up form.

I need to make sure that there are no duplicate email addresses (email key is UNIQUE)

Here is the code I'm working with, however I need help with understanding where to put the function as I'm also using check_input to strip slashes etc.

The results are that the test entries using a duplicate email don't post to the database, however on the process page it still gives the user their confirmation instead of an error.

The following code is on the process.php page, after the DB connection PHP and INSERT code:

      <?php

  function createUser($email)
  {
       $sql = "SELECT * FROM vols2012 WHERE email='$email'" ;

       $result = mysql_query( $sql ) ;

       if( mysql_num_rows( $result ) > 0 )
       {
   die( "There is already a user with that email!" ) ;
       }//end if


  function check_input($data, $problem='')
  {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      if ($problem && strlen($data) == 0)
      {
          show_error($problem);
      }
      return $data;
  }

  function show_error($myError)
  {

  }

  ?>

check_input() is pointless, validate the address and then use the proper sanitation depending on db connector. — , Feb 28 '12 at 02:06
check_input is to keep out MySQL injections- what are the alternatives? — AAAndreAAA, Feb 28 '12 at 02:07
This seems a little bit unclear. Can we assume $data is raw POST from a form's input text field? And when you say you're not understanding where to put "the function," which is that? The createUser() function doesn't currently create anything at all. It's tough to answer when the whole setup is a little fuzzy. — Matt Stein, Feb 28 '12 at 02:08
Okay- I've done that before- I will go back and update. Maybe if I tell you the issue, we'll find a better solution. A lot of the submitters seem to make a mistake after sending and then resend their information. Is there a better way to allow them to update? I don't want them to be able to go back and edit their entries as they're offering info like available times and if they can change that, I'm screwed as I'm also coordinating the volunteer schedule :) — AAAndreAAA, Feb 28 '12 at 02:12
Maybe it would work better to have a message/solution: You have already submitted your xxx. If you need to edit your information, please email x@xx.com -- — AAAndreAAA, Feb 28 '12 at 02:13
Will do. Just trying to figure out this error/duplicate entry thing... — AAAndreAAA, Feb 28 '12 at 02:49

score 2 · Answer 1 · answered Feb 28 '12 at 03:17

Check this code, you need something similar:

// Code of your database connection here

function checkEmail($email) {
    $email = mysql_real_escape_string($email);

    $sql = mysql_query("SELECT * FROM vols2012 WHERE email='$email'");

    if (mysql_num_rows($sql) == 0) {
        return true;
    }

    return false;
}

if (checkEmail($_POST['email'])) {
    // Continue insert
} else {
    // Warning for e-mail already exists
}

The validation to use checkEmail is exactly you need and you do not use in your code currently.

Prasad Rajapaksha · Answer 2 · 2012-02-28T02:29:03.917

0

First thing you have to do is set your database table's email address field as Unique Index.

And you can use following kind of function to check whether the email address is already available.

function isAvailable($email)
  {
       $sql = "SELECT email FROM vols2012 WHERE email='$email'" ;

       $result = mysql_query( $sql ) ;

       if( mysql_num_rows( $result ) > 0 )
       {
            return true;
       }
       return false;
}

EDIT

And according to the code you have put at http://pastebin.com/bYRvLX94 This validation need to be done before line number 15 $sql.

edited Feb 28 '12 at 02:29

answered Feb 28 '12 at 02:06

Prasad Rajapaksha

6,118
10
36
52

It is set to unique which is why it's not accepting the entries- however the 'thank you, your application has been received' message still generates- not an error... – AAAndreAAA Feb 28 '12 at 02:08
Friend I think your code sample is not complete one. Even it almost has syntax errors. Can you check it once again. – Prasad Rajapaksha Feb 28 '12 at 02:13
See the last line of my answer. – Prasad Rajapaksha Feb 28 '12 at 02:29

score 0 · Accepted Answer · edited Jun 04 '12 at 23:14

0

function createUser($email){
   $sql = "SELECT count(email) FROM vols2012 WHERE email='$email'" ;

   $result = mysql_result(mysql_query($sql),0) ;

   if( $result > 0 ){
    die( "There is already a user with that email!" ) ;
   }//end if
}

This might work better for you. I would need to see more of your code to further help you out.

edited Jun 04 '12 at 23:14

AJ OP

345
2
5
16

answered Feb 28 '12 at 02:17

Eric Witchin

574
2
8

I guess my question is where exactly to place that function in my code. I'm new to this but quick to catch on w/ a little guidance :) Is it after the DB connection or down after
? The code is here http://pastebin.com/bYRvLX94
– AAAndreAAA Feb 28 '12 at 02:19
You would need to do it before your insert – Eric Witchin Feb 28 '12 at 02:20
http://pastebin.com/w0AiP4ye I'm still getting the 'good' confirmation message and not the die message...but we're not getting duplicate entries in the database, so the UNIQUE setting is good. – AAAndreAAA Feb 28 '12 at 02:28
are you calling the function or are you just pasting the function there and never calling it? – Eric Witchin Feb 28 '12 at 02:30
After looking at your code, you are not calling the function. You must call functions like createUser($email); in order for them to run. If you just put the function there, it will not execute. – Eric Witchin Feb 28 '12 at 02:37
http://pastebin.com/87U62aDr I'm calling the function (I know I am now bc I did it twice and the error told me I couldn't do that :) ) BUT it's still showing the 'good' message. Ooof. I knew I'd learn this the hard way...I really appreciate all of your help so far and any future efforts! – AAAndreAAA Feb 28 '12 at 02:47
Scratch to auto-chat request plz – AAAndreAAA Feb 28 '12 at 02:59
Where are you calling the function? I do not see it in the code you linked to. I only see the function itself. When you say the error told you, are you talking about the die() statement you have within that function? – Eric Witchin Feb 28 '12 at 15:11
I am going back to basics and starting over w/ same page validation- my structure was way whack- – AAAndreAAA Feb 28 '12 at 17:34

score 0 · Answer 4 · answered Feb 28 '12 at 08:38

You haven't call the function createUser anywhere in your code. I think this one would be helpful:

function check_input($data, $problem='')
  {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      if ($problem && strlen($data) == 0)
      {
          show_error($problem);
      }
      else
      {
         if(createUser($data))
         {
           //insert in database
         }
         else
         {
           die('Email already exists');
         }
      }
  }


function createUser($email)
  {
       $sql = "SELECT * FROM vols2012 WHERE email='$email'" ;

       $result = mysql_query( $sql ) ;

       if( mysql_num_rows( $result ) > 0 )
       {
          return false;
       }
       else
       {
          return true;
       }

   }

Prevent duplicate email address in PHP sign up form

4 Answers4