Trying to check if email exists

[genista]

All,

 

In my registration script I am trying to check if an email address already exists (yawn I know), and I am stuck. The code highlighted in bold is where I want to check if the email exists (notice that form checking is done above that, including sorting out the email address that the user enters) and if it doesnt insert data into the table. Trouble is that on loading the page it simply states the 'already submitted' error before an email is even entered into the form:

 

 

         if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']) AND ($_POST['password']) && !empty($_POST['password'])){
        $name = mysql_escape_string($_POST['name']); // Turn our post into a local variable
        $email = mysql_escape_string($_POST['email']);
        $password = mysql_escape_string($_POST['email']);// Turn our post into a local variable
    }

$name = mysql_escape_string($_POST['name']);
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);

if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
    // Return Error - Invalid Email
       $msg = 'The email you have entered is invalid, please try again.';
       
}else{
   // Return Success - Valid Email
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';

}


    $hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.
    // Example output: f4552671f8909587cf485ea990207f3b

[b]$emailCheck = mysql_query("SELECT email FROM users WHERE email = '".$email."'");
if (mysql_num_rows($emailCheck) > 0) {
       echo "already submitted";
}

else
{[/b]

  
        // We have a match, activate the account
             mysql_query("INSERT INTO users (username, password, email, hash) VALUES(
    '". mysql_escape_string($name) ."',
    '". mysql_escape_string(md5($password)) ."',
    '". mysql_escape_string($email) ."',
    '". mysql_escape_string($hash) ."') ") or die(mysql_error());

 

Thanks in advance,

 

 

G

[litebearer]

1. eregi is deprecated - use preg_match.

if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))

2. you try to capture empty POSTS yet you assign them to variables anyway

         if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']) AND ($_POST['password']) && !empty($_POST['password'])){
        $name = mysql_escape_string($_POST['name']); // Turn our post into a local variable
        $email = mysql_escape_string($_POST['email']);
        $password = mysql_escape_string($_POST['email']);// Turn our post into a local variable
    }

$name = mysql_escape_string($_POST['name']);
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);

3. rather than using the variables from 2 above, you escape them again in your query

             mysql_query("INSERT INTO users (username, password, email, hash) VALUES(
    '". mysql_escape_string($name) ."',
    '". mysql_escape_string(md5($password)) ."',
    '". mysql_escape_string($email) ."',
    '". mysql_escape_string($hash) ."') ") or die(mysql_error());

4. it makes debugging easier if you assign your queries to variables rather than puting them directly in your mysql_query. when you experience problems you can echo the query variable to make sure it contains what you expect it to contain.