Member Avatar for R_4

How can i check if email exists i have this code but it is not working

<?php
include "Config.php";
function mksafe($data){
     $data=trim($data);
     $data=strip_tags($data);
     $data=htmlspecialchars($data);
     $data=addslashes( $data);
     return $data;
 }
  $fname = mksafe($_POST["fname"]);
  $lname = mksafe($_POST["lname"]);
  $email = mksafe($_POST["email"]);
  $sql = "SELECT * FROM `users` WHERE `email`=$email";
$result = $conn->query($sql);
if($result->num_rows >= 1) {
    echo "Email  already exist.";
} else {
 $sql = "INSERT INTO users (fname, lname, email,reg_date)
    values(' $fname', '$lname',' $email',now())";
     if ($conn->query($sql) === TRUE){ 
        header("Refresh:0; url=index.php");
       } else { 
           echo "Error: " . $sql . "<br>" . $conn->error; 
           } 

}

 $conn->close();
  • 3 Contributors
  • 6 Replies
  • 394 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by R_4

Recommended Answers

All 6 Replies

Member Avatar for Dani

So I see you are pulling in a first name, last name, and email addess from a form. You're then sanitizing the data preparing it for your MySQL statement.

However, your SQL statement needs to have quotes around $email as so:

$sql = "SELECT * FROM `users` WHERE `email` = '$email'";

You're then querying hte database with that SQL statement, and if a row exists, saying it does, and if it doesn't, it looks like you have some extraneous spaces between your open-single-quote and your variables, which they shouldn't have. Lines 18/19 should read:

$sql = "
    INSERT INTO `users` (fname, lname, email, reg_date)
    VALUES ('$fname', '$lname', '$email', NOW())
";
Member Avatar for R_4

I have modified my code as you told me but still not check email existance 

<?php
include "Config.php";
function mksafe($data){
     $data=trim($data);
     $data=strip_tags($data);
     $data=htmlspecialchars($data);
     $data=addslashes( $data);
     return $data;
 }
  $fname = mksafe($_POST["fname"]);
  $lname = mksafe($_POST["lname"]);
  $email = mksafe($_POST["email"]);
  $sql = "SELECT * FROM users WHERE email ='$email'";
$result = $conn->query($sql);
if($result->num_rows >= 1) {
    echo "Email  already exist.";
} else {
$sql = "
    INSERT INTO `users` (fname, lname, email, reg_date)
    VALUES ('$fname', '$lname', '$email', NOW())
";
     if ($conn->query($sql) === TRUE){ 
        header("Refresh:0; url=index.php");
       } else { 
           echo "Error: " . $sql . "<br>" . $conn->error; 
           } 

}
Member Avatar for Dani

What error message are you seeing?

Member Avatar for R_4

I don't get any error message.The code escape checking email part to inserting part.It just adds record without checking email

Member Avatar for Amonza

This code works, though I would caution you about including variables in the SQL. Prepared statements would be safer.
That aside and not knowing what the rest of your code looks like I can only offer that you check the input to your 'if' statement is as you are expecting. Try dumping the sql statement after line 13, add this:
print_r($sql);die();

Edited by Amonza
Member Avatar for R_4

Thank you . You solved my disaster.
Thanks again ...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.