Inserting form data into a DB and verifying email doesn't already

17 Replies - 497 Views - Last Post: 24 October 2017 - 12:09 PM

#16 benanamen

Posted 24 October 2017 - 09:25 AM

andrewsw, on 23 October 2017 - 11:17 PM, said:

Quote the exact error message, don't attempt to paraphrase.

It is the select element that needs a name, not all of the options. (Naming all the options the same probably creates an array of posted values.)


Nice catch on the "name". That's what I get for copy/pasting OP's code.

#17 benanamen

Posted 24 October 2017 - 09:33 AM

OP,
You need to tell the professor he is teaching you wrong. This is very common at University. And to think you're paying for it.

You MUST use prepared Statements. Any other way is "wrong". I won't even get into that clustermuck of escaping you did in the query since you shouldn't have variables in it anyways.

As I told you, you DO NOT check if the email already exists. See my previous post.

Go back to the tutorial I gave you and learn prepared statements. You can use either Positional Placeholders (Question Marks) or Named Parameters.

If you still have a problem after that then come on back. I would also like to see an SQL dump of your DB.

#18 ArtificialSoldier

Posted 24 October 2017 - 12:09 PM

Prepared statements are easier with PDO in my opinion; that might be another reason to use PDO over mysqli. If your professor gave you a syllabus, check if prepared statements (or SQL injection) are covered in the class. If they aren't, then you should learn about them now and use them, just because it's easier to learn how to do something right the first time. The main thing to understand is that prepared statements are usually used to securely pass the data to MySQL so that the data won't break the actual SQL code. The other use (and probably the intended one) is that you can prepare a statement once, and execute it multiple times in a loop and that will be faster than executing a new query each time. That was probably the major reason for designing them (the name would support that), but the major use case in practice is passing data securely.

With PDO, you can use named parameters:
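// The SQL text contains only placeholders; the values are bound separately.
$stmt = $pdo->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);
$stmt->execute(); // run the insert with the bound values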


Or you can use question mark placeholders:
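// Positional placeholders are bound by 1-based index.
$stmt = $pdo->prepare("INSERT INTO REGISTRY (name, value) VALUES (?, ?)");
$stmt->bindParam(1, $name);
$stmt->bindParam(2, $value);
$stmt->execute(); // run the insert with the bound values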


But notice how you send the query once, and you send the data separately, instead of trying to add the data yourself to the SQL code. The PHP manual has a pretty good section. If the professor isn't going to teach you this (and many don't), you might as well take the initiative to get started on the right foot and learn it yourself.

http://php.net/manual/en/book.pdo.php
http://php.net/manua...-statements.php

Don't get confused by the fact that there are several ways to pass the data. The code above uses bindParam, but here's an example where the data is just passed to execute:

$stmt = $dbh->prepare("SELECT * FROM REGISTRY where name = ?");
if ($stmt->execute(array($_GET['name']))) {
  while ($row = $stmt->fetch()) {
    print_r($row);
  }
}


There are various ways to do it but they all accomplish more or less the same thing.
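An added example, not code from any poster in this thread: a registration insert that prepares the statement once, passes the form values separately from the SQL, and relies on a UNIQUE constraint instead of a separate "does this email exist" query. The `users` table, its columns, the `register()` helper and the sample submissions are assumptions made for illustration, and in-memory SQLite stands in for the thread's MySQL database so the script runs on its own.

```php
<?php
// Added example. Table, columns and helper names are hypothetical.
// SQLite in memory keeps it self-contained; the thread's database is MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE on email: the database itself enforces one row per address.
$pdo->exec('CREATE TABLE users (
    id    INTEGER PRIMARY KEY,
    name  TEXT NOT NULL,
    email TEXT NOT NULL UNIQUE
)');

// Constructed sample form submissions. The second name carries SQL syntax,
// the third reuses an email that is already registered.
$submissions = [
    ['name' => 'Alice',                     'email' => 'alice@example.com'],
    ['name' => "x'); DROP TABLE users; --", 'email' => 'bob@example.com'],
    ['name' => 'Alice again',               'email' => 'alice@example.com'],
];

// Prepared once: the SQL text is fixed and contains no user data.
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');

function register(PDOStatement $insert, array $form): string
{
    try {
        // Values travel separately from the SQL and are never parsed as SQL.
        $insert->execute([':name' => $form['name'], ':email' => $form['email']]);
        return 'created';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation. Required
        // fields are present in these samples, so here it means UNIQUE(email).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'duplicate';
        }
        throw $e; // anything else is a real failure
    }
}

// The same prepared statement is executed once per submission.
foreach ($submissions as $form) {
    printf("%-10s %s\n", register($insert, $form), $form['email']);
}

// The name containing SQL syntax is stored as plain text; the table is intact.
print_r($pdo->query('SELECT name, email FROM users ORDER BY id')->fetchAll(PDO::FETCH_ASSOC));
```

Because the insert and the uniqueness check are a single statement, two simultaneous registrations with the same email cannot both succeed, which a SELECT followed by an INSERT does not guarantee.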