Doing a select to get every record, and then looping through them all,
concatenating a bunch of stuff together, and then using PHP to test ==
is not very efficient...
Why not just:
$sql = array_map('mysql_real_insert_string', $POST);
$query = " select count(*) from central ";
$query .= " where conName = $sql[conName] ";
$query .= " and conAddress = $sql[conAddress] ";
.
.
.
$query .= " and SOME_DATETIME_FIELD_WHEN_THEY_REGISTERED >=
date_sub(now(), interval 1 day) ";
Also note that your are currently comparing the $_POST['timeStamp']
which is *probably* generated at the time the HTML form was sent with
time(); which is when the script is processing, which will be MUCH
less than one day, unless a user opens up the form, walks away for 24
hours, and then comes back to complete registration...
You need a field in the database from previous registration to compare
to time().
Also note that, in general, it's very very very easy to subvert this
by simply changing non-essential data in the input.
E.g., I live at:
6112 N Wolcott
6112 North Wolcott
6112 N. Wolcott
6112 N Wolcott Ave
.
.
.
I could easily register 20 times a day, if I like, and you'd never
catch it.
So, given all that, and given what you are TRYING to do, I'd suggest
just going on their PHONE number, and requiring a valid phone number
to "win" or JUST going on their email address and requiring a valid
email.
It all depends how serious you are about the 1 per day rule, though...
On Tue, July 10, 2007 9:55 am, kvigor wrote:
> /*Good Morning to All,
>
> I am having an issue with the following code. I'm trying to match
> $newRegistrant(which is concatenated form data) with
> $oldRegistrant(which is
> concatenated DB data). The code is suppose to check if the
> Registrants
> match, if they do, then check if last registration was less than 24hrs
> ago,
> if it is it sets $FLAG to 1
> and throws and error at the user.
>
> Problem is the follow code only displays the error message from the
> "//unknown check" section, and not the //central check section. I
> know the
> code is virtually identical except for the table it's pulling data
> from.
> POST data has been mysql escaped. And form is submitted twice w/same
> info
> and no FLAG/error message*/
> //I hope this helps. Because I NEED HELP :-(
>
> <?php include("dbconnection.php"); $_POST['timeStamp'] = date("Y-m-d
> h:i:s"); $timeStamp = $_POST['timeStamp'];
> //========================================FORMATTING FROM
> DATA=============================================
> if(isset($_POST['submit']))
> {
> $_POST['conName'] = strtoupper($_POST['conName']);
> $_POST['conAddress'] =
> strtoupper($_POST['conAddress']);
> $_POST['conCity'] = strtoupper($_POST['conCity']); $_POST['conState']
> =
> strtoupper($_POST['conState']);
> $_POST['conZip'] = strtoupper($_POST['conZip']); $_POST['conPhone'] =
> strtoupper($_POST['conPhone']);
> $_POST['schName'] = strtoupper($_POST['schName']);
> $_POST['schAddress'] =
> strtoupper($_POST['schAddress']);
> $_POST['schCity'] = strtoupper($_POST['schCity']); $_POST['schState']
> =
> strtoupper($_POST['schState']);
> $_POST['schZip'] = strtoupper($_POST['schZip']); $_POST['strCity'] =
> strtoupper($_POST['strCity']);
> $_POST['strState'] = strtoupper($_POST['strState']);
> $_POST['strName'] =
> strtoupper($_POST['strName']);
> }
> //========================================END FORMATTING FROM
> DATA==========================================
> //============================CHECKING TO SEE IF THE USER HAS
> REGISTERED IN
> LAST 24 HRS=====================
>
> $newRegistrant =
> $_POST['conName'].$_POST['conAddress'].$_POST['conCity'].$_POST['conState'].$_POST['conPhone'].$_POST['schName'].$_POST['schCity'].$_POST['schState'].$_POST['strName'].$_POST['strCity'].$_POST['strState'];//NEW
> REGISTRANT
> global $newRegistrant;
>
> //Begin Central
> Check========================================================================================
> $matchQuery_cen = "SELECT
> conName,conAddress,conCity,conState,conPhone,schName,schCity,schState,strName,strCity,strState
> FROM central";
> $matchQueryResult_cen = mysql_query($matchQuery_cen,$connection) or
> die
> ("Query Failed".mysql_error());
>
> while($matchrow_cen = mysql_fetch_assoc($matchQueryResult_cen))
> { extract($matchrow_cen);
> $oldRegistrant =
> $conName.$conAddress.$conCity.$conState.$conPhone.$schName.$schCity.$schState.$strName.$strCity.$strState;
> $varStamp = $_POST['timeStamp']; //CURRENT DATE in MySQL DATETIME
> FORMAT
> $varStamp = strtotime($varStamp); //CONVERT DATETIME FORMAT INTO
> MATHMATICAL DATA/UNIX-STAMP
>
> $varStamp = $varStamp + '86400'; //STORED TIME OF REGISTRANT + 1 DAY
>
> $currentTime = time(); // CURRENT DATE IN MATHMATICAL
> DATA/UNIX-STAMP
>
> if($oldRegistrant == $newRegistrant && $currentTime < $varStamp )
> {
> $FLAG = 1;
> global $FLAG;
> }
> else
> {
> $FLAG = 2;
> global $FLAG;
> }
> }
> //End Century
> Check=========================================================================================
> //Unknown
> Check============================================================================================
> $matchQuery_unk = "SELECT
> conName,conAddress,conCity,conState,conPhone,schName,schCity,schState,strName,strCity,strState
> FROM unknown";
> $matchQueryResult_unk = mysql_query($matchQuery_unk,$connection) or
> die
> ("Query Failed".mysql_error());
>
> while($matchrow_unk = mysql_fetch_assoc($matchQueryResult_unk))
> { extract($matchrow_unk);
> $oldRegistrant =
> $conName.$conAddress.$conCity.$conState.$conPhone.$schName.$schCity.$schState.$strName.$strCity.$strState;
> $varStamp = $_POST['timeStamp']; //CURRENT DATE in MySQL DATETIME
> FORMAT
> $varStamp = strtotime($varStamp); //CONVERT DATETIME FORMAT INTO
> MATHMATICAL DATA/UNIX-STAMP
>
> $varStamp = $varStamp + '86400'; //STORED TIME OF REGISTRANT + 1 DAY
>
> $currentTime = time(); // CURRENT DATE IN MATHMATICAL
> DATA/UNIX-STAMP
>
> if($oldRegistrant == $newRegistrant && $currentTime < $varStamp )
> {
> $FLAG = 1;
> global $FLAG;
> }
> else
> {
> $FLAG = 2;
> global $FLAG;
> }
> }
>
> //END UNKNOWN
> CHECK====================================================================================
> //=========================END CHECKING TO SEE IF THE USER HAS
> REGISTERED IN
> LAST 24 HRS=====================
> ?>
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> <?php
> if($FLAG == 1)
> {
> echo " <div align= 'center' class ='ermess2'><br />*** SORRY ONLY 1
> REGISTRATION PER 24HRS. ***</div>";
> }
>
> else
> {
> function trim_value(&$value)
> {
> $value = trim($value);
> }
> //==========================================================================================================
> $cen_foodlandPA = file('C:\htdocs\website\central_foodlandPA.txt');
> array_walk($cen_foodlandPA, 'trim_value');
> $cen_independents =
> file('C:\htdocs\website\central_independents.txt');
> array_walk($cen_independents, 'trim_value');
> //==========================================================================================================
>
> if(@sizeof($format) == 0 && @sizeof($blank_array) == 0 &&
> @sizeof($curse)
> == 0 && @sizeof($us_states) == 0 && @sizeof($phoneFormat) == 0 &&
> $FLAG ==
> 2)
> {
> echo "<div class = 'div_c_blu'>Thank You for Entering. Your Entry
> has
> been accepted!</div>
> <br />";
> echo "<div class = 'div_c_blu'> Click on logo to return to Main
> Page.</div>";
> $greenLightForDBstorage = "go";
> global $greenLightForDBstorage;
> }
>
> if(isset($_POST['strName'], $_POST['strCity'], $_POST['strState']))
> {
> $tab = " ";
> $storeInfo =
> $_POST['strName'].$tab.$_POST['strCity'].$tab.$_POST['strState'];
> global $storeInfo;
> }
>
> if(in_array($storeInfo, $cen_foodlandPA))
> //if statement to check all other fields before record is set
> {$queryCentral = "INSERT INTO central (conName, conAddress, conCity,
> conState, conZip, conPhone, schName, schAddress, schCity,
> schState, schZip, strName, strCity, strState,varStamp)
> VALUES('$regName', '$regAddress', '$regCity', '$regState',
> '$regZip','$regPhone', '$sclName', '$sclAddress', '$sclCity',
> '$sclState',
> '$sclZip', '$stoName', '$stoCity', '$stoState','$timeStamp')"
> ;
>
> mysql_query($queryCentral, $connection) or die("Query failed: ".
> mysql_error($connection));
> }
>
> elseif(in_array($storeInfo, $cen_independents))
> {
> $queryCentral = "INSERT INTO central (conName, conAddress, conCity,
> conState, conZip, conPhone, schName, schAddress, schCity,
> schState, schZip, strName, strCity, strState,varStamp)
> VALUES('$regName', '$regAddress', '$regCity', '$regState', '$regZip',
> '$regPhone', '$sclName', '$sclAddress', '$sclCity', '$sclState',
> '$sclZip', '$stoName', '$stoCity', '$stoState','$timeStamp')"
> ;
>
> mysql_query($queryCentral, $connection) or die("Query failed: ".
> mysql_error($connection));
> }
>
> else
> {
> $queryUnknown = "INSERT INTO unknown (conName, conAddress, conCity,
> conState, conZip, conPhone, schName, schAddress, schCity,
> schState, schZip, strName, strCity, strState,varStamp)
> VALUES('$regName',
> '$regAddress', '$regCity', '$regState', '$regZip',
> '$regPhone', '$sclName', '$sclAddress', '$sclCity', '$sclState',
> '$sclZip', '$stoName', '$stoCity', '$stoState','$timeStamp')";
> mysql_query($queryUnknown, $connection) or die("Query failed: ".
> mysql_error($connection));
> }
> }
> }
>
> ?>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
