Question

I'm fairly new to the PHP scene, but as I have been searching for hours on what may be wrong with this code I am at a loss. For some reason, the FILTER_VALIDATE_EMAIL and unique email check in db are not working; they are being skipped completely. I know this because when the form is submitted it kicks out an error on the last catch(PDOExceptions $ex) (not shown here but after the last block of code below), instead of any of the other errors set to show before (shown here). No errors occur (or are shown) until insertion of the form data into the db is attempted. Since the email index is unique, it does not allow duplicate insertion. So the query fails to run and die()'s. I am trying to post the message that the email is not valid or that it is already used on the form itself without die().

First I set conditions for submission of empty inputs, and repeat error handling for all other inputs as shown for 'fname'.

    if (isset($_POST['submit'])) {  

        if(empty($_POST['fname']) ||
          empty($_POST['lname']) ||
          empty($_POST['email']) ||
          empty($_POST['password']))
        {
            if(empty($_POST['fname']))
            {
                $fnamerr = "<font color=\"red\">Please enter your first name</font>";
            }

Then I validate !empty:

    } 
    else if (!empty($_POST['fname']) &&
       !empty($_POST['lname']) &&
       !empty($_POST['email']) &&
       !empty($_POST['password']))  
    { 

        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
        }       

        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 

        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 

        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        }   
        catch(PDOException $ex) 
        { 
            die ("Failed to run query: " . $ex->getMessage());          
        }

        $row = $stmt->fetch(); 

        if($row) 
        { 
            $emailerr = "<font color=\"red\">This email address is already registered</font>";
        }

What is wrong with this code? Or what could be a reason that the FILTER_VALIDATE_EMAIL and unique email check in db are being skipped completely? Thanks in advance.


Solution 2

I finally figured it out, for anyone who may be looking for the same info.

    if (isset($_POST['submit']))
    {

        if(empty($_POST['fname']) ||
           empty($_POST['lname']) ||
           empty($_POST['email']) ||
           empty($_POST['password']))
        { 
            if(empty($_POST['fname'])) 
            { 
                $fnamerr = "<font color=\"red\">Please enter your first name</font>";
            }

Again, I did the same thing for last name, email and password for if they are empty. Then:

        } else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
            $submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
            $submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
            $submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
        } else if (!empty($_POST['fname']) &&
               !empty($_POST['lname']) &&
               !empty($_POST['email']) &&
               !empty($_POST['password']))
        {                                       
            $query = " 
                SELECT 
                    1 
                FROM users 
                WHERE 
                    email = :email 
            "; 

            $query_params = array( 
                ':email' => $_POST['email'] 
            ); 

            try 
            { 
                $stmt = $db->prepare($query); 
                $result = $stmt->execute($query_params); 
            }   
            catch(PDOException $ex) 
            { 
                die ("Failed to run query: " . $ex->getMessage());
            }

            $row = $stmt->fetch(); 

            if ($row) 
            { 
                $emailerr2 = "<font color=\"red\">This email address is already registered</font>";
                $submitted_firstname = htmlentities($_POST['fname'], ENT_QUOTES, 'UTF-8');
                $submitted_lastname = htmlentities($_POST['lname'], ENT_QUOTES, 'UTF-8');
                $submitted_email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');

            } else
            {

Then I run the code for inserting the info into the db table. This worked beautifully. Hopefully nothing else comes up. Thanks for the comments and help.

OTHER TIPS

http://php.net/manual/en/function.filter-var.php does return the filtered value, so

    $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
    if (false !== $email) {
        $query = "
            SELECT
                1
            FROM users
            WHERE
                email = :email
        ";

        $query_params = array(
            ':email' => $email
        );

        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die ("Failed to run query: " . $ex->getMessage());
        }

        $row = $stmt->fetch();

        if ($row) {
            $emailerr = "<font color=\"red\">This email address is already registered</font>";
        }
        else {
            // ...insert record...
        }
    }
    else {
        $emailerr = "<font color=\"red\">Please enter a valid email address</font>";
    }
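
Added example (not part of the original question or answers): because a SELECT followed by an INSERT leaves a window in which another request can register the same address, this sketch lets the unique index decide and turns the resulting integrity-constraint error into the form message instead of calling die(). The function name `register_user()`, the columns other than `email`, and the in-memory SQLite database are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. Column names other than `email`
// and the function name register_user() are assumptions.
function register_user(PDO $db, array $post): array
{
    $errors = [];
    foreach (['fname', 'lname', 'email', 'password'] as $field) {
        if (empty($post[$field])) {
            $errors[$field] = "Please fill in $field";
        }
    }
    // filter_var() returns the address on success and false on failure.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if (!isset($errors['email']) && $email === false) {
        $errors['email'] = 'Please enter a valid email address';
    }
    if ($errors) {
        return $errors;
    }
    try {
        $stmt = $db->prepare(
            'INSERT INTO users (fname, lname, email, password)
             VALUES (:fname, :lname, :email, :password)'
        );
        $stmt->execute([
            ':fname'    => $post['fname'],
            ':lname'    => $post['lname'],
            ':email'    => $email,
            ':password' => password_hash($post['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $ex) {
        // SQLSTATE class 23 = integrity constraint violation (unique index hit).
        if (substr((string) $ex->getCode(), 0, 2) === '23') {
            return ['email' => 'This email address is already registered'];
        }
        error_log('users insert failed: ' . $ex->getMessage()); // server-side only
        return ['form' => 'Registration failed, please try again later'];
    }
    return [];
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (fname TEXT, lname TEXT, email TEXT UNIQUE, password TEXT)');
$form = ['fname' => 'Ann', 'lname' => 'Lee', 'email' => 'ann@example.com', 'password' => 'constructed-pw'];
var_dump(register_user($db, $form));                        // first submission
var_dump(register_user($db, $form));                        // duplicate email
var_dump(register_user($db, ['email' => 'not-an-email'] + $form)); // invalid email
```

The returned messages are plain text; escape them with htmlentities() when echoing them into the form, as the accepted solution does for the submitted values.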

Licensed under: CC-BY-SA with attribution