i have a function to validate if a email exists in a BD, if exists the registration is not permit.
The function works well, but it shows two times the message "Your email is already registered". What is the reason of that?
function repetirDados($email) {
if(!empty($_POST['email'])) {
//Escape our posted inputs
$email = mysql_real_escape_string($_POST['email']);
$usercheck = $email;
$check = mysql_query("SELECT email FROM users WHERE email ='$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
return true;
} else {
echo '<h1>Your email is already registered</h1>';
return false;
}
}
}
no problem with this
function inserirDados($name, $email, $myPassword, $pass2 ) {
if(repetirDados($email)){
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
$myPassword = mysql_real_escape_string($_POST['myPassword']);
$pass2 = mysql_real_escape_string($_POST['pass2']);
$registerquery = mysql_query("INSERT INTO users (name, email, pass) VALUES ('".$name."', '".$email."', '".$myPassword."')")
or die("MySQL Error: ".mysql_error());
//let the user know of success or failure
if ($registerquery) {
echo '<h1>Registo efectuado com sucesso</h1>';
} else {
echo '<h1>Erro no registo</h1>';
}
}
Any advice? or improvement in code?
EDIT:
<div id="error" class="valid">
<ul>
<?if(!repetirDados($_POST['email'])):?><?endif?>
<?if(!inserirDados($_POST['name'],$_POST['email'], $_POST['myPassword'], $_POST['pass2'] )):?><?endif?>
</ul>
</div>
-
Maybe the function is called twice? Or after return false someone thought to add the output again? Please show the code that calls the function. The problem probably is thereCfreak– Cfreak2011年03月17日 15:58:11 +00:00Commented Mar 17, 2011 at 15:58
-
Where is the function called?sh03– sh032011年03月17日 15:58:16 +00:00Commented Mar 17, 2011 at 15:58
-
Here's a tip. First of all learn how to use PDO and prepared statements :)Ventus– Ventus2011年03月17日 15:58:25 +00:00Commented Mar 17, 2011 at 15:58
-
First you need to learn how to prevent SQL injections bobby-tables.com/php.htmlosm– osm2011年03月17日 15:59:29 +00:00Commented Mar 17, 2011 at 15:59
-
edited code, thanks, i will search about sql injectionuser455318– user4553182011年03月17日 16:01:03 +00:00Commented Mar 17, 2011 at 16:01
2 Answers 2
the problem is this
<div id="error" class="valid">
<ul>
<?if(!inserirDados($_POST['name'],$_POST['email'], $_POST['myPassword'], $_POST['pass2'] )):?><?endif?>
</ul>
</div>
as the function inserirDados call the function repetirDados i don't need to repeat. Is the reason
<div id="error" class="valid">
<ul>
<?if(!repetirDados($_POST['email'])):?><?endif?>
<?if(!inserirDados($_POST['name'],$_POST['email'], $_POST['myPassword'], $_POST['pass2'] )):?><?endif?>
</ul>
</div>
thanks for help
Comments
First look at the code doesn't seem wrong. Did you echo out $check2 to see what it returns? if it returns 0 then there is a problem with your query
also you store $_POST['email'] in $email and then in $usercheck, there is no need to store it in a second variable (unless you are planning on doing something with it first?)
also always concatenate like you did in the second code block
mysql_query("SELECT email FROM users WHERE email ='".$usercheck."'")
EDIT:
Further more you should always use full php tags <?php ?> and not the shorttags <? ?>. The shorttag for php depends on the configuration of the server.
and maybe you should consider this approach:
In your function
if ($registerquery) {
return '<h1>Registo efectuado com sucesso</h1>';
} else {
return '<h1>Erro no registo</h1>';
}
Where you call your function:
<?php
if(!$message = repetirDados($_POST['email'])):
echo $message;
endif;
if(!$message = inserirDados($_POST['name'],$_POST['email'], $_POST['myPassword'], $_POST['pass2'] )):
echo $message;
endif;
?>
NEVER PRINT something inside your function, always return a mesage