This question already has an answer here:
PHP MySql - Check if value exists
(1 answer)
Closed 8 years ago.
I've got a database table with two columns:
EMAIL_ADDRESS and ACTIVATION_CODE
I need to make the script check if the Activation Code the user has submitted in the URL, matches the Email Address in the table. So far this isn't working.
$email = mysql_real_escape_string($_GET['email']);
$acticode = mysql_real_escape_string($_GET['code']);
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email',1");
if ($result = '$acticode') {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
check row with mysql_num_row
if(mysql_num_rows($result)>0){...}
and check valid code with
if(mysql_error())
You need to know the column in the database where the code is stored, also, you need to actually get the data
$email = mysql_real_escape_string($_GET['email']);
$acticode = mysql_real_escape_string($_GET['code']);
$code_found = false;
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email',1");
if($result) {
$row = mysql_fetch_assoc($result);
if($row) {
if ($row['codefield'] == $acticode) {
$code_found = true;
}
}
}
if($code_found) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
Related
This question already has answers here:
PDO query is always returning 1 or true
(2 answers)
Closed 3 years ago.
This code is a part of registration code. But it return always "Nickname already exist". I don't understand why.
if (isset($_POST['create'])) {
$nickname = $_POST['nickname'];
$email = $_POST['email'];
$password = $_POST['password'];
$slt1 = "SELECT nickname FROM users WHERE nickname='$nickname'";
$slt2 = "SELECT email FROM users WHERE email='$email'";
$stmt1 = $db->prepare($slt1);
$stmt2 = $db->prepare($slt2);
if($stmt1->execute([$nickname])) {
echo 'Nickname already exist';
} elseif ($stmt2->execute([$email])) {
echo 'email already exist';
} else {
//more code here
}
}
The way you use execute is wrong, and what an execute returns is a Boolean value (TRUE/FALSE) but not the number of rows your query has selected/affected.
So you need to get the count of the rows that your query affects and perform the "if" on that value.
Like this,
$stmt1->execute();
$number_of_rows = $stmt1->num_rows;
if($number_of_rows == 1){
echo 'Nickname already exist';
}
else{
//your code to insert data
}
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 7 years ago.
I'm making a PHP Newsletter script, I'm not very experienced in code, but I try my best to improve, I just need a few ideas in order to make this work.
function validate(){
if(isset($_POST['email'])){
$email = $_POST["email"];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "<br>Va rugam introduceti o adresa valida de email";
}else{
return 1;
}
}
}
function checkmail(){
if(validate()==1){
if(isset($_POST['email'])){
$email = $_POST['email'];
$sql = "SELECT * FROM subscribe WHERE email LIKE '$email'";
$connect = new mysqli("localhost", "root", "", "alexandru");
$result = mysqli_query($connect,$sql);
echo print_r($result);
}
}
}
I don't know how I can check the result of the query, I need some ideas, thanks
I have made this simple function which you can use.
function field_exists($field_name, $field_value, $table)
{
global $conn;
try
{
$s = $conn->prepare("SELECT * from $table where $field_name = :f_value");
$s->bindParam(':f_value', $field_value);
$s->execute();
if($s->rowCount() > 0)
{
return true;
}
else
{
return false;
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}//function
Using this function, you can check any table for any value of the specified column.
So in your case, the $field_name would be email, $field_value would be $email and table would be subscribers.
Usage
if(field_exists("email", $email, "subscribers"))
{
//email exists
}
else
{
//email doesn't exist
}
The function would return true if this email in the table exists, and false if the email doesn't.
This code i use whithout oops concept in my practicle ithink it'll help
extract($_POST);
$qwe = "SELECT * FROM user_info where email= '$email'";
$result = mysqli_query($con, $qwe);
if (mysqli_fetch_row($result) >= 1) {
header("Location: userreg.php?err=msg");
}
else {
// query for what u want after check mail doesn't exist
}
I am trying to insert some data into a MySQL database using PHP. The code I have works fine on localhost, but when I try it on my server the reg_user_id, reg_user_access_level and reg_user_status are inserted while all the other fields are not.
Please help, I've already wasted a day trying to sort this out.
everything up to here is fine
The PHP is:
else {
//sort the data
$reg_user_name = mysql_real_escape_string($_POST['reg_user_name']);
//create a salt for the password before encryption, use the same when retrieving the password!
$salt = 'mysalt';//not actually this
//first encryption
$reg_user_password = sha1($_POST['reg_user_password']);
//second encryption with salt
$reg_user_password = sha1($salt.$reg_user_password);
$reg_user_password = mysql_real_escape_string($reg_user_password);
/*** strip injection chars from email ***/
$reg_user_email = preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i','',$_POST['reg_user_email']);
$reg_user_email = mysql_real_escape_string($reg_user_email);
//connect to the db
include '../-useful_scripts/php/mysqli_connect_dsnydesign.php';
//check the connection
if($dbc) {
/*** check for existing username and email ***/
$query = "SELECT reg_user_name, reg_user_email FROM reg_users WHERE reg_user_name = '{$reg_user_name}' OR reg_user_email = '{$reg_user_email}';";
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_row($result);
if (sizeof($row) > 0) {
foreach($row as $value) {
echo $value.'<br>';
}
if($row[0] == $reg_user_name) {
$errors[] = 'Sorry, the username is already in use';
}
elseif($row[1] == $reg_user_email) {
$errors[] = 'This Email address is already subscribed';
}
mysqli_free_result($result);
}
else {
/*** create a verification code ***/
$verification_code = uniqid();
//set the query
$query = "INSERT INTO reg_users(reg_user_id, reg_user_name, reg_user_password, reg_user_email, reg_user_access_level, reg_user_status) VALUES (NULL, '$reg_user_name', '$reg_user_password', '$reg_user_email', '1', '$verification_code');";
//run the query
if(mysqli_query($dbc, $query)) {
just goes on to notify of submission after this.
Check that you are using the same PHP version number on your server and your localhost. mysql_real_escape_string has been deprecated in the latest version of PHP.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
insert contacts into database but does not want to duplicate already existing contact
what i intend to do is, check if a user's account is already stored in my database, redirect to another url else store his data in the database. following is the query i wrote. it is not working please suggest where i went wrong.
thaks.
$result = mysql_query("SELECT * FROM centraluser where id = '$id'");
$row = mysql_fetch_row($result);
if($row) {
mysql_query("UPDATE central SET time = '$time' WHERE id = '$id'");
$url = "http://www.somesite.com";
echo '<script type="text/javascript"> alert("Sorry! you can't register twice.");</script>';
echo '<script type="text/javascript">top.location.href = "'.$url.'";</script>';die;exit;
}
else {
mysql_query("INSERT INTO centraluser VALUES ('$id','$name','$email','0','5000','0','0','$birthday','$time')");
echo('welcome new user');
First of all you are having the error with this code
escape string and use this code below.
and define what part of your code is still not working.
echo '<script type="text/javascript"> alert("Sorry! you can\'t register twice.");</script>';
echo '<script type="text/javascript">top.location.href = "'.$url.'";</script>';die;exit;
Hope this works
$result = mysql_query("SELECT * FROM centraluser WHERE id = '$id'");
$user_data = mysql_fetch_row($result);
if(empty($user_data)) {
$qry = "INSERT INTO centraluser VALUES ('$id','$name','$email','0','5000','0','0','$birthday','$time')";
mysql_query($qry);
$_SESSION['msg'] = 'welcome new user';
header("Location:dashboard.php"); // write your main page after login
exit();
}
else {
$qry="UPDATE central SET time = '$time' WHERE id = '$id'";
mysql_query($qry);
$url = "http://www.somesite.com";
echo '<script type="text/javascript"> alert("Sorry! you can\'t register twice.");</script>';
echo '<script type="text/javascript">top.location.href ="'.$url.'";</script>';
exit();
}
This question already has answers here:
How to prevent duplicate usernames when people register?
(4 answers)
Closed 7 months ago.
I am trying to create a user login/creation script in PHP and would like to know the best way to check if a username exists when creating a user. At the moment, I have the following code:
function createUser($uname,$pword) {
$server->connect(DB_HOST,DB_USER,DB_PASS,DB_NAME);
$this->users = $server->query("SELECT * FROM user_list");
while ($check = mysql_fetch_array($this->users) {
if ($check['uname'] == $uname) {
What I'm not sure about is the best logic for doing this. I was thinking of adding a boolean variable to do something like (after the if statement):
$boolean = true;
}
if ($boolean) {
echo "User already exists!";
}
else {
$server->query("INSERT USER INTO TABLE");
echo "User added Successfully";
}
But this seems a little inefficient - is there a more efficient way to do this? Sorry if this has a basic solution - I'm a relatively new PHP programmer.
Use the WHERE clause to get only rows with the given user name:
"SELECT * FROM user_list WHERE uname='".$server->real_escape_string($uname)."'"
Then check if the query results in selecting any rows (either 0 or 1 row) with MySQLi_Result::num_rows:
function createUser($uname,$pword) {
$server->connect(DB_HOST,DB_USER,DB_PASS,DB_NAME);
$result = $server->query("SELECT * FROM user_list WHERE uname='".$server->real_escape_string($uname)."'");
if ($result->num_rows() === 0) {
if ($server->query("INSERT INTO user_list (uname) VALUES ('".$server->real_escape_string($uname)."'")) {
echo "User added Successfully";
} else {
echo "Error while adding user!";
}
} else {
echo "User already exists!";
}
}
This basically involves doing a query, usually during validation, before inserting the member into the database.
<?php
$errors = array();
$alerts = array();
if (isset($_POST['register'])) {
$pdo = new PDO('[dsn]', '[user]', '[pass]');
// first, check user name has not already been taken
$sql = "SELECT COUNT(*) AS count FROM user_list WHERE uname = ?";
$smt = $pdo->prepare($sql);
$smt->execute(array($_POST['uname']));
$row = $smt->fetch(PDO::FETCH_ASSOC);
if (intval($row['count']) > 0) {
$errors[] = "User name " . htmlspecialchars($_POST['uname']) . " has already been taken.";
}
// continue if there are no errors
if (count($errors)==0) {
$sql = "INSERT INTO user_list ([fields]) VALUES ([values])";
$res = $pdo->exec($sql);
if ($res==1) {
$alerts[] = "Member successfully added.";
} else {
$errors[] = "There was an error adding the member.";
}
}
}
The above example uses PHP's PDO, so change the syntax to use whatever database abstraction you use.