I have a site where a user is only supposed to register for one deal. I have
this query:
<cfquery datasource="#Request.LiveDSN#" name="qCheckUserTable">
    SELECT Name, Birthdate, Email
    FROM Users
    WHERE Name = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.SHIPTONAME#" />
    AND Birthdate = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Birthdate#" />
    OR Email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#Form.Email#" />
</cfquery>
I then do this:
<cfif qCheckUserTable.RecordCount GT 0>
    <cfinclude template="header.cfm">
    <BR><BR><BR>
    <!--- HTML-encode the submitted name before echoing it back into the page --->
    <cfoutput>#HTMLEditFormat(Form.SHIPTONAME)#</cfoutput>,
    It appears that you have already registered for this deal. You can click
    the back button and enter another's information or quit the application. You
    can only register an individual for one deal only.
    <cfinclude template="footer.cfm">
    <cfabort>
<cfelse>
blah blah blah
Well today someone managed to register more than once. In the db, the only
difference is the birthdate, which should not matter since I am checking for
their name, birthdate or email. The name and email in both records are
identical. I ran this query against the db several times using different
birth-dates and every time I get the records, which means the name/email search
is working. I suspect that this person tried for a while to get around this
since her registrations were about an hour apart. Is there something that I am
overlooking in the query? How would she have gotten by this? I am guessing I
missed something very simple.
Thanks,
Bruce
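
Added example, not part of the original post: the WHERE clause from the query above run against constructed rows in SQLite, showing how AND and OR group when there are no parentheses and which submissions the check flags, with a database-level unique index as a second line of enforcement. The sample rows, the index name ux_users_email and the e-mail normalization rule are assumptions, and the example does not diagnose the incident described.

```python
import sqlite3

def make_db(unique_email=False):
    """In-memory Users table with one constructed registration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Birthdate TEXT, Email TEXT)")
    if unique_email:
        # Assumption: one registration per e-mail, compared trimmed and lower-cased.
        db.execute(
            "CREATE UNIQUE INDEX ux_users_email ON Users (lower(trim(Email)))"
        )
    db.execute(
        "INSERT INTO Users VALUES ('Jane Doe', '1980-01-01', 'jane@example.com')"
    )
    return db

# Same predicate as the post. AND binds tighter than OR, so it is evaluated as
# (Name = ? AND Birthdate = ?) OR Email = ?
CHECK = """SELECT COUNT(*) FROM Users
           WHERE Name = ? AND Birthdate = ? OR Email = ?"""

def is_duplicate(db, name, birthdate, email):
    """Application-level check, as in the post."""
    return db.execute(CHECK, (name, birthdate, email)).fetchone()[0] > 0

def try_insert(db, name, birthdate, email):
    """Insert and let the database reject duplicates; True if the row was stored."""
    try:
        db.execute("INSERT INTO Users VALUES (?, ?, ?)", (name, birthdate, email))
        return True
    except sqlite3.IntegrityError:
        return False

def demo():
    db = make_db()
    return {
        # Email matches, so the OR branch flags it whatever the birthdate is.
        "same_email_new_birthdate":
            is_duplicate(db, "Jane Doe", "1981-02-02", "jane@example.com"),
        # Name alone is not enough: it only counts together with the birthdate.
        "same_name_new_birthdate_new_email":
            is_duplicate(db, "Jane Doe", "1981-02-02", "jd@example.org"),
    }

if __name__ == "__main__":
    print(demo())
```

With the unique index in place the INSERT itself fails for a repeated address, so enforcement no longer depends on the SELECT having run first with exactly the same values.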
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355344