Core PHP: Signup accepting an existing email id, and even accepting without an email id

Hello Friends, GM :slight_smile: !

I need your kind help please for validating whether email ids already exist in the database, and it should not accept things like abc or 123; the email id should be proper, like abc@gmail.com, meaning at least with @ and .com etc.

On this page there is Signup link: https://agent.tripmagics.com/auth/

And the code used there is as below

<?php
include "inc/config.php";

// Called with the email typed on the signup form; echoes "1" if that
// email is already registered and "2" if it is not.
if (isset($_POST['r_email'])) {
    $email = $_POST['r_email'];
    $sql = "SELECT * FROM tbl_registration WHERE email='$email'";
    $s = $con->query($sql);
    $count = mysqli_num_rows($s);
    if ($count >= 1) {
        echo "1";
    } else {
        echo "2";
    }
}
?>

And the code of config.php file which is called there is as below:

<?php
//$user_session = session_name('user_session');
//session_set_cookie_params(0, '/', '.tripmagics.com');

session_start();
date_default_timezone_set('Asia/Kolkata');
error_reporting(0);
// session_set_cookie_params(60*24, '/', '.tripmagics.com');
// session_set_cookie_params(60*24, '/', '.tripmagics.com');

// Database credentials and connection shared by every page
$host_name = "localhost";
$user_name = "tripmagic2_devansh";
$password = "<redacted>";
$db = "tripmagic2_trip";

$con = mysqli_connect($host_name, $user_name, $password, $db);
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    exit();
} else {
    //echo 'connected';
}

$baseurl = "https://tripmagics.com";

// Redirects back to the referring page with status parameters in the query string
function success_page($cont, $alert)
{
    $success_page = header('Location: ' . $_SERVER['HTTP_REFERER'] . '?cont=' . $cont . '&alert=' . $alert);
    return $success_page;
}
?>

I am attaching a screenshot also.

Kindly help please.

Thank you in advance. Good day!

I would suggest that a better way to handle it would be to set the “email” column as unique in your database table, insert the new address (once you’ve checked that it meets the correct format) and then handle the “duplicate” error from the database if it already exists.

By running a query to see if it exists, then a separate query to insert it, you’re allowing a situation called (I think) a “race condition”, where two users can sign up at virtually the same time with the same email address, because you have no control over how the server schedules the two processes, or even if the two processes run on the same server. It’s entirely possible that the first “check” query will run and not find the email address, then the check-query for the second user will run and get the same results, then the two inserts will run, and you end up with duplicates.

Let the database do the work, it can handle it.

 if ($count>=1) {

Why would you allow more than one row in the database to have the same email address?

error_reporting(0);

While you’re developing the code, I’d suggest this is the wrong setting. You should consider perhaps using

error_reporting(E_ALL);

As for validating the email to make sure it’s valid, what have you tried? There’s a function called filter_var() that will do basic checks.

You also need to read up on Prepared Statements rather than concatenating variables directly into queries as you do.

Finally, in the nicest possible way, don’t put code on here as screen-shots. If someone wants to try your code out to try to help you with a problem, they can’t copy-paste from a screen-shot into a code editor.

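The approach described in the reply above (validate the format with filter_var(), insert with a prepared statement, and let a UNIQUE index reject duplicates so the race between "check" and "insert" disappears), written out as an added example; it is not code from the thread or from the site. It assumes `$con` is the mysqli connection created in inc/config.php, that tbl_registration accepts a row with only the email column filled for the purpose of this illustration, and that the column has been made unique with the ALTER TABLE statement shown in the comment.

```php
<?php
// Added example (not the original poster's code). Assumes a UNIQUE index exists:
//   ALTER TABLE tbl_registration ADD UNIQUE KEY uq_email (email);
declare(strict_types=1);

// Make mysqli throw exceptions instead of silently returning false
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Validates the address and tries to insert it in one step.
 * Returns "ok", "invalid" or "duplicate".
 */
function register_email(mysqli $con, string $raw): string
{
    $email = trim($raw);
    // FILTER_VALIDATE_EMAIL rejects "abc", "123", "" and "user@localhost"
    // (a domain without a dot); it does not check that the mailbox exists.
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }

    try {
        // Placeholder binding: the value is never spliced into the SQL text
        $stmt = $con->prepare('INSERT INTO tbl_registration (email) VALUES (?)');
        $stmt->bind_param('s', $email);
        $stmt->execute();
        return 'ok';
    } catch (mysqli_sql_exception $e) {
        // 1062 = ER_DUP_ENTRY: the UNIQUE index rejected the row, which also
        // covers two signups for the same address arriving at the same moment
        if ($e->getCode() === 1062) {
            return 'duplicate';
        }
        throw $e; // any other database error is a real failure, surface it
    }
}

if (isset($_POST['r_email'])) {
    include 'inc/config.php';
    // Keep the "1" (already registered) / "2" (accepted) responses the existing
    // form script expects, and add "0" for a badly formed address
    $map = ['duplicate' => '1', 'ok' => '2', 'invalid' => '0'];
    echo $map[register_email($con, (string) $_POST['r_email'])];
}
```

Because the insert and the uniqueness check are a single statement, the duplicate case is handled even when the separate "does it exist" query would have returned "not found" for both of two near-simultaneous requests.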

Hello droopsnoot,
Really thankful for your detailed reply and suggestion.

I have added error_reporting(E_ALL); in config.php but it didn’t work.

The other code you sent was already there.

And I have no idea about filter_var().

Where and how to add this? Kindly help.

The code I sent here in a screenshot was just an extra thing :slight_smile:

What does that mean? Did it give you an error message? If so, what was it? If not, in what way did it not work?

If only the entire PHP language was fully documented on line, it would save people from having to write it all out again. :slight_smile:

https://www.php.net/manual/en/function.filter-var.php

That was one of the top results when I searched for “php validate email address”. There may be better ways to do it now, I’m sure someone will point them out.

Thanks for the reply.

What does that mean? Did it give you an error message? If so, what was it?

It’s the same: accepting an email like just abc, without @ and without .com etc., and also accepting an already existing mobile number for registration.

I will try to work on filter_var also later.

Regards,

That change in itself was just to stop PHP suppressing error messages - while you’re developing your code, you want to see all error messages, not hide them away. It won’t have made any difference to whether your code accepts invalid email addresses - you’ll have to write that bit yourself. Again, the error_reporting() function is fully documented so you can see what it was intended to do.


OK droopsnoot, thanks a lot for your kind help and time :slight_smile:
