PhP - MySQL email validation issue?

Hi,

I am trying to get some code straight. I know this is a complete and utter mess, my apologies (newbie coder). The aim of the script is that if the email matches a regex expression (previously defined), then it checks the database to see if the email the user has entered is already there. If it is, it prints back a message telling the user to enter a new one.

The database field itself is unique, so technically there will be no other email that is the same, however for the sake of having to redirect the user back I'd like to just keep all the validation on one page.

However, when I enter an email that already exists in the database, it still lets me continue to the database page. Not sure why this is, can anyone help me out?

Thanks

<?php
//Email Validation
$email = clean($_POST['Email1']);
$pattern = '/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-…
if ($emailpattern=(preg_match($pattern, $_POST['Email1'])) > 0){
$emailclass = "basictext";
$flag1="OK";
}
else{
$emailclass = "errortext";
$flag1="NOTOK";
$emailvalidationcheck ="NOTOK";
}
?>


<tr>
<td><div class="<?php print $emailclass; ?>">Email Address:*</div></td>
<td><input type="text" name="Email1" value="<?php print $email; ?>" size="30"/></td>
</tr>

<?php

if ($emailvalidationcheck == "NOTOK"){
$flag = "NOTOK";
print '<tr><td align="center" colspan="2" class="errorsubtext"> Please enter a valid Email Address. </td></tr>';
}
else if ($emailvalidationcheck == "OK"){

$host="***********"; // Host name
$username="*********"; // Mysql username
$password= (DATABASE_PASSWORD); // Mysql password
$db_name="********"; // Database name
$tbl_name="customers"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = mysql_query( "SELECT `customers_email_address` FROM `".$tbl_name."` WHERE `customers_email_address` = \'" . mysql_real_escape_string( $email ) . "\' LIMIT 1" );
$result = mysql_fetch_row($sql);
mysql_free_result($result);
if(isset($result[customers_email_address])){
$emailclass = "errortext";
$flag="NOTOK";
print '<tr><td align="center" colspan="2" class="errorsubtext"> This email address is already in use. </td></tr>';
}
else if(!isset($result[customers_email_address])){
$emailclass = "basictext";
$flag="OK";
}
}

?>
Thanks, will give this a go :)

Would rather just keep it all validated in PhP incase someone has Javascript turned off.

Thanks again
Still not working :/ no idea what's going on with this script, will try and re-write it differently perhaps.

Anwered 2010-03-10 21:50:36 by Erato

Why bother with the regex... Just do this
$sql="SELECT * FROM table_name WHERE customers_email_address='".$_Post['Email1']."' "
if($sql==null){
//No Email Exists
}
else{
//Email Exists
}

I would do the Regex validation in Javascript then only submit the form field when the script returns true otherwise clear the field and make it red or something. You could also use something like this for the validator.

http://labs.adobe.com/technologies/spry/samples/validationwidgets/TextfieldValidationSample.html
http://labs.adobe.com/technologies/spry/demos/formsvalidation/index.html


Heres the homepage to dl and get the documentation
http://labs.adobe.com/technologies/spry/home.html



You probably also want to escape that Post variable to prevent SQL injection