Home/ Questions/Q 7824693
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T08:41:16+00:00

I am very new to PHP. The code below has been cobbled together from

  • 0

I am very new to PHP. The code below has been cobbled together from numerous tutorials I have found online and it is working how I would like. I have had an email from my tutor requesting that we add code that would prevent duplicate email addresses being entered. I have the code that needs to be added but I do not have a clue where it should go.

Here is the existing code:

<?
include('config.php');

// table name 
$tbl_name=temp_members;

// Random confirmation code 
$confirm_code=md5(uniqid(rand()));

// values sent from form 
$email=$_POST['email'];
$password=$_POST['password'];
$firstname=$_POST['firstName'];
$lastname=$_POST['lastName'];

// Insert data into database 
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,     lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);



// if suceesfully inserted data into database, send confirmation link to email 
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Francis Flower confirmation link";

// From
$headers="from: Francis Flower Admin <francis.flower.contact@gmail.com>";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

// Your message
$message = '<html><head>';
$message .= '<style type="text/css">
                        body {
                            font-family: Helvetica,         Arial;
                        }
                        .center {
                            text-align: left;
                        }
                        </style>';
$message .= '<body><div class="center"><img src="http://www.jblanksby.yourwebsolution.net/images/logo.png"/>';
$message .= "<p>Dear " .$_POST['firstName']. "&nbsp;" .$_POST['lastName'].", </p>";
$message .= '<p>Thank you for signing up for an account at Francis Flower. </p>';
$message .= '<p>Your new account details are below: </p>';
$message .= "<p>Email Address: ".$_POST['email']. "</p>";
$message .= "<p>Password: " .$_POST['password']. "</p>";
$message .= "<p>Before you can login, you need to activate your account using the link below:</p>";
$message .= "<p>Click on this link to activate your account</p>";
$message .= "<p>http://jblanksby.yourwebsolution.net/confirmation.php?passkey=$confirm_code</p>";
$message .= '</div></body></html>';

// send email
$sentmail = mail($to,$subject,$message,$headers);

}

// if not found 
else {
echo "Not found your email in our database";
}

// if your email succesfully sent
if($sentmail){ ?>
echo "Mail has been sent";
} else { 
echo "Mail has not been sent"}; 
?>

And here is the code the captures duplicate emails that I would like included in the above code:

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";

$result = mysql_query($query);

if ( mysql_num_rows ( $result ) > 1 )
{
    /* Username already exists */
    echo 'Username already exists';
}
else
{
    /* Username doesn't exist */
    /* .. insert query */
}

Any assistant with this would be great!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It should be placed right before you do the INSERT statement.

    Note that your script is vulnerable to a SQL injection attack. At a minimum, call mysql_real_escape_string() on your $_POST input values:

    // Get email from the form before checking if it was already inserted
// you don't need the other form values yet...
$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result_eml = mysql_query($query);

// Added some error checking here to make sure the query succeeded
// Also here, check for > 0, not > 1 -- you want to find out if 1 or more rows exist, not that 2 or more exist...
if ( $result_eml && mysql_num_rows ( $result_eml ) > 0 )
{
    /* Username already exists */
    echo 'Username already exists';
}
else if (!$result) {
   // error in query
}
else
{

  // table name 
  $tbl_name=temp_members;

  // Random confirmation code 
  $confirm_code=md5(uniqid(rand()));

  // Other values sent from form 
  $password = mysql_real_escape_string($_POST['password']);
  $firstname = mysql_real_escape_string($_POST['firstName']);
  $lastname = mysql_real_escape_string($_POST['lastName']);

  // Insert data into database 
  $sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,     lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
  $result=mysql_query($sql);

  // etc....

}

    I’m not certain if this for an assignment or for production code, but I will add that it is a very bad idea to send a user’s password via email. Email is basically like a postcard — unless you send it with encryption (which almost no one on earth does these days), it can be read by any server admin anywhere along its network path from sending point to receiving point.

    • 0