Need help with php database code

ShadowIce

Hi all. I'm new here 🙂

Can someone please tell me why when I submit the same first AND OR last name AND OR email, more than once, it STILL allows me to submit more than 1 record to the mysql database at one time?

Code:


<?php
$conn = "localhost";
$user = "myuser";
$pass = "mypass";
$dbname = "metaldetect01";
$tbl = "users0001";
$con = mysql_connect($conn,$user,$pass);
if (!$con)
  {
  die('Could not connect to database: "' . $dbname . '" because ' . mysql_error());
  }

mysql_select_db($dbname, $con);

$sql_site = ("SELECT * FROM $tbl WHERE `id` = '$_SESSION[id]' AND `firstname` = '$_GET[firstname]' AND `lastname` = '$_GET[lastname]' AND `email` = '$_GET[email]' ");
$site_con = mysql_query($sql_site, $con) or die(mysql_error());
$numrows = mysql_num_rows($site_con);

if($numrows > 0){
while($row = mysql_fetch_array($site_con))
{

echo "user: ".$row['firstname'].", ".$row['lastname'].", email: ".$row['email']." already exists!";

}

}else{ 

$sql="INSERT INTO $tbl (firstname, lastname, email)
VALUES
('".$_GET['firstname']."','".$_GET['lastname']."','".$_GET['email']."')";

echo "You were successfully added to the database, ".$_GET['firstname'].", ".$_GET['lastname']."!";
echo "Returning you to the previous page...";

echo "<script>setTimeout('document.location=\"./ThankYou.html\";', 10000);</script>";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

}

function safe($value){

   return mysqli_real_escape_string($con, $value);
} 

function recordExists($id,$idval,$table,$db) {//check for id=idval in table and return TRUE or FALSE
   $result = mysql_query("SELECT * FROM ".$table." WHERE ".$id."='".$idval."'") or die(mysql_error());
if(mysql_num_rows($result) > 0) {//if we found more than 0
      return true;
   }//end if row
   return false;
}

mysql_close($con)
?>

this is where it seems to screw up:

if($numrows > 0){
while($row = mysql_fetch_array($site_con))
{

echo "user: ".$row['firstname'].", ".$row['lastname'].", email: ".$row['email']." already exists!";

}

}else{ 

$sql="INSERT INTO $tbl (firstname, lastname, email)
VALUES
('".$_GET['firstname']."','".$_GET['lastname']."','".$_GET['email']."')";

echo "You were successfully added to the database, ".$_GET['firstname'].", ".$_GET['lastname']."!";
echo "Returning you to the previous page...";

echo "<script>setTimeout('document.location=\"./ThankYou.html\";', 10000);</script>";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

}

ANY help is GREATLY appreciated! 🙂

bpat1434

WHERE `id` = '$_SESSION[id]'
when I submit the same first AND OR last name AND OR email, more than once, it STILL allows

I'm guessing that the session id is different in the database, so it won't return any rows, thus not checking for name or email address.