checking for duplicate email in Database

[parkerproject]

I want this code to check for duplicate email in database,but the problem is the
mysql_num_rows($emailcheck1) keep returning 0 even though the email is already in the database.please can someone help me out,because I have spent the last 2 days scratching my head

PHP Code:

if(isset($_POST['btnSubmit']))
{
    
$email = $_POST['agent_email'];
  $flag="OK";   // This is the flag and we set it to OK
  $msg="";        // Initializing the message to hold the error messages
  
   
   // checks if the email is in member DB
        
$emailcheck1 = mysql_query("SELECT * FROM agents WHERE agent_email='$email'")or die(mysql_error());
$emailcheck2 = mysql_num_rows($emailcheck1);
        
        
   if($emailcheck2 != 0 ){    // checking the length of the entered password and it must be more than 5 character in length
    $msg=$msg."Email already in use<br />";
    $flag="NOTOK";   //setting the flag to error flag.
    } 


HTML Code:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>"  name="form1" method="post"  id="requestform"  enctype="multipart/form-data" >
                    
                    
                     <p><span style="color: #BD2C24;">
                            [PHP]if(isset($msg)){echo $msg;}
						   echo $emailcheck2;[/PHP]
						  	
							
                          </span>
                        
                        <p><label>Agent Email:</label>
                           <input type="text" class="text-long"  name="agent_email" value="<?php if(isset($msg)){echo $_POST['agent_email'];}?>"/>
                           
                        </p>
                        
                       
                        
                        
                        
                        

                        <input type="submit" value="Submit"  name="btnSubmit"/>


                     </fieldset>



                  </form>

[calkie_f]

I can't see anything in the code but here are a few things to check.
Did you connect to the same database in this script?
Run the query at the mysql command line. Do you get the expected result there?
Are you sure the email is in the database? Your code suggests it isn't. Are you using phpMyAdmin or mysql client to check?

Is the email padded with spaces (before or after) or typed in a different case?

I can't see why $emailcheck2 might be FALSE (an error result), but check for that just to rule it out. Use three equal signs to differentiate FALSE from 0.

Try changing your first query to

Code SQL:

SELECT * FROM agents WHERE 1

Does that still show 0 mysql_num_rows?

Whenever you take input from an external source, such as from a web page, you need to escape it to protect against SQL injections.

Code PHP:

$emailcheck1 = mysql_query(
  "SELECT * FROM agents WHERE agent_email='" .
  mysql_real_escape_string($email) . "'")
  or die(mysql_error());

HTH,
Ian

[r937]

i cannot help you with the php, but you should not need to do the SELECT at all

just the INSERT statement

that ~is~ why you're doing the SELECT, right? to see if it's safe to INSERT without creating a duplicate?

if so, you should actually let the database do the duplicate checking, not you

[WebFreakz]

i cannot help you with the php, but you should not need to do the SELECT at all

just the INSERT statement

that ~is~ why you're doing the SELECT, right? to see if it's safe to INSERT without creating a duplicate?

if so, you should actually let the database do the duplicate checking, not you

I have a question for the db to do the duplicate checking wouldnt the email field in the table have to be the index key??

[WebFreakz]

Replace your code with this code and try it... Let me know how this works for u.....

PHP Code:

if(isset($_POST['btnsubmit']))
{
        $q1 = "SELECT * FROM agents WHERE email = '" . $_POST['agent_email'] . "' ";
        $r1 = mysql_query($q1) or die(mysql_error());

        if(mysql_num_rows($r1) == '1')
        {
                $flag = "NOTOK";
                $msg = "<b>Error: The Email <font face=verdana color=red>$_POST[email]</font> is already registered!</b>";//error report dupliacte entry

        }
                else
                {

                  $flag = "OK";

        $q1 = "INSERT INTO DATABASE HERE 


[Smola]

i cannot help you with the php, but you should not need to do the SELECT at all

just the INSERT statement

that ~is~ why you're doing the SELECT, right? to see if it's safe to INSERT without creating a duplicate?

if so, you should actually let the database do the duplicate checking, not you

And what command(s) would take care of that? What would the query be?

[r937]

I have a question for the db to do the duplicate checking wouldnt the email field in the table have to be the index key??

nope, just UNIQUE

And what command(s) would take care of that? What would the query be?

with email declared UNIQUE, all you have to do is INSERT the new email

if it didn't exist, the INSERT succeeds

if the email already exists, the INSERT fails (with a specific code that you have to trap with php)

in neither case do you need to do the SELECT

[parkerproject]

How do i trap this with PHP?

[parkerproject]

This is how I trap the error mesage,but i was wondering if there is a better and more presentable way to do it

Code SQL:

 
      $sql="INSERT INTO admin_user SET
      name=' $name',
	  email=' $email',
	  username=' $username',
      password=' $password'";
      $query = mysql_query($sql)OR die("Email already in Database! Please your use Browser back button to go back");
 
      IF($query){$display = 'User Added succesfully';}