Check if a Database Record Already Exists Before Inserting a New Entry

JonL · February 21, 2020, 9:58am

Just some security/privacy good practice.

Depending on how sensitive your app is you may not want to inform the browser user if an email exists in the database. This information can be exploited in several ways(spam, brute force attacks, etc).

You may however want to do something yourself with that information like sending a message to the email entered(if it exists in database) informing that there has been an attempt of registering their email again and send them a password reset link(in case it’s the legitimate user) and/or adding information about the person that tried to do register (ip address, browser, location, etc).

So for other fields and other use cases this might a very good approach. Just be careful what information you provide to strangers

magdy.reda · March 14, 2020, 2:14pm

JonL, good suggestion.

Then, how can I capture the server side validation output? As far as I understand it only has a message option as output.

Even if I activate its output, I cannot see how to capture it in a variable to be used in a conditional step (i.e. if true send email - else … ).

Thanks.

Mag

Hyperbytes · March 14, 2020, 4:17pm

Th validation component is for validating input only. If you want to perform extended operations then I suggest you use a query instead and query the parameter. You can then perform conditional actions or return information back to app connect.

tomkomin · June 13, 2020, 8:16pm

Can a link be used in the message. If so, what is the syntax.

It just shows the code:
This email is already registered. If you have forgotten your login info, <a href="forgot_password.php">Click Here</a>.
instead of:
This email is already registered. If you have forgotten your login info, Click Here.

Thanks,
TOm

guptast · October 5, 2020, 5:54am

Hi @George,

I have followed the steps in your post above to set up a validation to check and avoid duplicate records in the database. However, this is not working correctly for me. I can insert duplicate records in the database table with the validation rule set as ‘Does not Exist in Database’.

The POST request is returning Status Code: 200 in the dev tools for the duplicate records as well. The input form field has been set up with Required validation.

The setup for inserting records and validation looks like this:

I’m not sure if I’m missing a step in the setting up of validation rule. Any help or ideas of where to look would be greatly appreciated.

guptast · October 6, 2020, 9:37am

Hi @George,

The validation is working correctly now. The error messages are also showing when duplicate values are found in the database.

I resolved this issue by renaming the file extensions from .html to .apsx (suggested by @psweb in reference to another issue I had when setting up the login system, based on his video Full Login Procedure).

I don’t know whether there’s a way to resolve this issue by keeping the .html extensions. But if there’s any way, then it would be really helpful to know that as well.

Thank you for your continued support

psweb · October 6, 2020, 1:03pm

I doubt there will ever really be a way around this, anything that requires a server action script to run, is going to perform checks on the server side, and the only way to pass values from server side to client side is by using .aspx or .php depending on your server environment. If the validator was checking only with client side validation then you could keep the .html but it can not then look at all the database records to ensure no duplicate exists.
I really do not think there is anything that can be done, as it’s not a Wappler related problem as such, but more of a current web server technologies order of operation.

thines · March 20, 2021, 11:32pm

i have same issues, i did validator name both same, and have the right field name and database field. also have required in form, but still this check is not working. anyone help?

i’m a validating the email not exist check, i have email field same as the database field. also i have required and email validation on the form field. my validator name is “validateUserEmail” on both.

Note: im using nodejs.

please see the screenshot below:

psweb · March 20, 2021, 11:30pm

Please show some screenshots like guptast did in his post, otherwise it’s very difficult to follow properly.

thines · March 20, 2021, 11:33pm

updated with screenshot please check psweb. thanks for trying to help me out

psweb · March 20, 2021, 11:36pm

No problem, can you show me the code for your email input of your form please, I want to check the input name and ID

thines · March 20, 2021, 11:37pm

please see above… thanks

psweb · March 20, 2021, 11:44pm

It looks fine to me, what I would try is open the server connect side of this, then arrow out Input, then arrow out $_POST, then select the email input and in the field properties > validation rules, remove the Required as well as the Valid Email Address from the input itself, and just see if that is what is causing it, I have often found issues with the server side validators, so we can always add them back later, but for testing, remove them.

thines · March 20, 2021, 11:47pm

sorry i did not understand what exactly you mean about arrow out?

psweb · March 20, 2021, 11:51pm

thines · March 20, 2021, 11:55pm

i did this and checked, not worked…

psweb · March 21, 2021, 12:01am

thines · March 21, 2021, 12:07am

here it is…

psweb · March 21, 2021, 12:13am

I think I see the problem, I missed it on your very first screenshot, but you need to switch your 2 steps around.

You Validate if the users email exists first, and then if its true then you insert the user, so swap your steps around. Validate above Insert

thines · March 21, 2021, 12:30am

i swapped the steps, and checked, now the inserting user with same email is not succeded which i need anyway. but the message not shown in that case such as email exist!