I have a small subscription script, but it's missing two vital things. It does not check to see if the entry exists and it will allow duplicate entries. So I would like this script to check if the entry has already been submitted; if it hasn't, then it adds it. If it does exist, then it gives a nice statement like "you have already subscribed for our newsletter" and does not add it again to the table.

<?php
function checkEmail($email) {
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        return false;
    }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false;
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

$subscribed = "";
if ($_REQUEST['Submit'] == "Subscribe") {
    require("some.php");
    if ( checkEmail($_REQUEST['email']) == true ) {
        mysql_connect($db_addr, $db_user, $db_pass) or die(mysql_error());
        mysql_select_db($db_name) or die(mysql_error());
        $md5 = md5(microtime () * mktime());
        $id = substr( $md5,0,8 );
        $query = mysql_query("INSERT INTO `subscribers` ( `mail`, `unsubscribe` ) VALUES ('$_REQUEST[email]', '$id')") or die(mysql_error());
        $subscribed = "<center><font color='#223C57'><u>You have successfuly subscribed for newsletters...</u></font></center><br>";
    } else {
        $subscribed = "<font color='#FF0000'>Incorrect e-mail address! Please try again...</font>";
    }
} else if ($_REQUEST['tellAFriend'] == "Tell a Friend") {
    if ( checkEmail($_REQUEST['fEmail']) == true && checkEmail($_REQUEST['myEmail']) == true) {
        $to = $_REQUEST['fEmail'];
        $subject = "Hi, I've found a very interesting website";
        $body = "I've found a great site - YoMama.com and I wanted to tell you about it. It's Great!";
        $headers = "From: ".$_REQUEST['myEmail']."\n";
        @mail($to,$subject,$body,$headers);
        $subscribed = "<font color='#00FF66'>Thanks ! Your friend now knows about the great website you've found!</font>";
    } else {
        $subscribed = "<font color='#FF0000'>Incorrect e-mail address! Please try again...</font>";
    }
}
?>
I tried to add this

    if ($subscibers->mail == $mail) {
        displayError("You have already subscribed to our newsletter.");
        exit();
    }

Got a "displayError" error, so I then tried

    if ($subscibers->mail == $mail) {
        $subscribed("You have already subscribed to our newsletter.");
        exit();
    }

Didn't work. I am at a loss on this one.
It's really basic: what you want to do is run a SELECT query, and check if mail=$_REQUEST['mail'], and then check if mysql_numrows($query) > 0 or not. It's really really basic, so I'll let you interpret that and put it all together. And really, you need to be sanitizing all your inputs, you're just begging for someone to come and SQL inject the shit out of your server. Instead of just putting $_REQUEST['mail'] right into your query, do mysql_real_escape_string($_REQUEST['mail']). Also, it's better to use $_GET or $_POST depending on which you want; $_REQUEST is just generic and is even easier to abuse or get negligent with.
Where did you get the subscription script from? Without seeing this, or more of the code that you are using, it will be difficult (impossible) to fix. Brew
It was made for a site of mine. As far as I know this is the complete script. It's all I have and it works. It just doesn't check for duplicate entries.
<?php
function checkEmail($email) {
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        return false;
    }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false;
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

$subscribed = "";
if ($_REQUEST['Submit'] == "Subscribe") {
    require("some.php");
    if ( checkEmail($_REQUEST['email']) == true ) {
        mysql_connect($db_addr, $db_user, $db_pass) or die(mysql_error());
        mysql_select_db($db_name) or die(mysql_error());
        $md5 = md5(microtime () * mktime());
        $id = substr( $md5,0,8 );
        $sql = "SELECT `mail` FROM `subscribers` WHERE `mail` = '$_REQUEST[email]'";
        $result = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($result) > 0) {
            // $subscribed is a string, not a function: print the notice with exit() and stop before the INSERT
            exit("You have already subscribed to our newsletter.");
        }
        $query = mysql_query("INSERT INTO `subscribers` ( `mail`, `unsubscribe` ) VALUES ('$_REQUEST[email]', '$id')") or die(mysql_error());
        $subscribed = "<center><font color='#223C57'><u>You have successfuly subscribed for newsletters...</u></font></center><br>";
    } else {
        $subscribed = "<font color='#FF0000'>Incorrect e-mail address! Please try again...</font>";
    }
} else if ($_REQUEST['tellAFriend'] == "Tell a Friend") {
    if ( checkEmail($_REQUEST['fEmail']) == true && checkEmail($_REQUEST['myEmail']) == true) {
        $to = $_REQUEST['fEmail'];
        $subject = "Hi, I've found a very interesting website";
        $body = "I've found a great site - YoMama.com and I wanted to tell you about it. It's Great!";
        $headers = "From: ".$_REQUEST['myEmail']."\n";
        @mail($to,$subject,$body,$headers);
        $subscribed = "<font color='#00FF66'>Thanks ! Your friend now knows about the great website you've found!</font>";
    } else {
        $subscribed = "<font color='#FF0000'>Incorrect e-mail address! Please try again...</font>";
    }
}
?>

Added

<?php
$sql = "SELECT `mail` FROM `subscribers` WHERE `mail` = '$_REQUEST[email]'";
$result = mysql_query($sql);
if(mysql_num_rows($result) > 0) {
    // $subscribed is a string, not a function: print the notice with exit() and stop before the INSERT
    exit("You have already subscribed to our newsletter.");
}
?>

After

<?php
$md5 = md5(microtime () * mktime());
$id = substr( $md5,0,8 );
?>

and Before

<?php
$query = mysql_query("INSERT INTO `subscribers` ( `mail`, `unsubscribe` ) VALUES ('$_REQUEST[email]', '$id')") or die(mysql_error());
?>

Give it a try and let me know!
<?php
function checkEmail($email) {
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        return false;
    }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false;
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

$subscribed = "";
if ($_REQUEST['Submit'] == "Subscribe") {
    require("some.php");
    if ( checkEmail($_REQUEST['email']) == true ) {
        mysql_connect($db_addr, $db_user, $db_pass) or die(mysql_error());
        mysql_select_db($db_name) or die(mysql_error());
        $query = sprintf("SELECT * FROM subscribers WHERE mail='%s'", mysql_real_escape_string($_REQUEST['email']));
        $result = mysql_query($query) or die(mysql_error());
        if (mysql_num_rows($result)) {
            $subscribed = '<span style="color:#FF0000">You have already subscribed to our newsletter.</span>';
        } else {
            $md5 = md5(microtime () * mktime());
            $id = substr( $md5,0,8 );
            $query = sprintf("INSERT INTO subscribers (`mail`, `unsubscribe`) VALUES ('%s', '%s')", mysql_real_escape_string($_REQUEST['email']), $id);
            mysql_query($query) or die(mysql_error());
            $subscribed = '<span style="color:#223C57">You have successfuly subscribed for newsletters...</span>';
        }
    } else {
        $subscribed = '<span style="color:#FF0000">Incorrect e-mail address! Please try again...</span>';
    }
} else if ($_REQUEST['tellAFriend'] == "Tell a Friend") {
    if ( checkEmail($_REQUEST['fEmail']) == true && checkEmail($_REQUEST['myEmail']) == true) {
        $to = $_REQUEST['fEmail'];
        $subject = "Hi, I've found a very interesting website";
        $body = "I've found a great site - YoMama.com and I wanted to tell you about it. It's Great!";
        $headers = "From: ".$_REQUEST['myEmail']."\n";
        @mail($to,$subject,$body,$headers);
        $subscribed = '<span style="color:#00FF66">Thanks ! Your friend now knows about the great website you\'ve found!</span>';
    } else {
        $subscribed = '<span style="color:#FF0000">Incorrect e-mail address! Please try again...</span>';
    }
}
?>

...is more or less what projectshifter was suggesting. It includes the mysql_real_escape_string fix and I have swapped out your deprecated font tags for span tags with inline styles.
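The duplicate check and input handling discussed in this thread, as an added example that is not part of any poster's code: a UNIQUE constraint plus a PDO prepared statement replaces the SELECT-then-INSERT pair and the manual escaping. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory database and the `subscribe()` helper are hypothetical stand-ins for the MySQL setup above.

```php
<?php
// Added example. Table and column names follow the thread; the in-memory
// SQLite database and subscribe() are assumptions made for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE makes the database reject duplicates itself, so two simultaneous
// requests cannot both pass a SELECT check and then both INSERT.
$pdo->exec('CREATE TABLE subscribers (
    mail        VARCHAR(255) NOT NULL UNIQUE,
    unsubscribe CHAR(32)     NOT NULL
)');

// Hypothetical helper: returns "subscribed", "duplicate" or "invalid".
function subscribe(PDO $pdo, string $email): string
{
    // Assumption: addresses are compared case-insensitively for de-duplication.
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    // Unsubscribe token from the CSPRNG instead of md5(microtime() * mktime()).
    $token = bin2hex(random_bytes(16));
    // Placeholders send the address as data, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO subscribers (mail, unsubscribe) VALUES (:mail, :token)'
    );
    try {
        $stmt->execute([':mail' => $email, ':token' => $token]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity-constraint violation (duplicate).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'duplicate';
        }
        throw $e;
    }
    return 'subscribed';
}

// Constructed inputs: new address, same address again, apostrophe, garbage.
$inputs = ['alice@example.com', 'Alice@Example.com', "o'brien@example.com", 'not-an-email'];
foreach ($inputs as $input) {
    printf("%-22s => %s\n", $input, subscribe($pdo, $input));
}
```

With MySQL, the same function works unchanged once the `mail` column has a UNIQUE index and the DSN points at the server.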
stoli, thank you very much. This seems to be working perfectly. I greatly appreciate it. If you want something for your time, please let me know.