Home > Blockchain >  How can I successfully throw an error if the user wants to register with an email that already exist
How can I successfully throw an error if the user wants to register with an email that already exist

Time:08-17

I'm trying to validate the signup inputs and see if they're trying to add information that already exists. The program keeps adding a user even if the email is the same.

$name = mysqli_real_escape_string($Connection, htmlentities($_POST["personalFirstName"])   );
$lastname  = mysqli_real_escape_string($Connection, htmlentities($_POST["personalLastName"])   );
$email = mysqli_real_escape_string($Connection, htmlentities($_POST["personalEmail"])   );
$passcode = mysqli_real_escape_string($Connection,  htmlentities($_POST["personalPasscode"])    ););
$passcode = mysqli_real_escape_string($Connection,  htmlentities($_POST["personalPasscode"])    );

//The next lines of code will basically check if the info that the user 
//adds already exist. if not then we add the info to the database
$checkEmail = "SELECT * FROM Users WHERE user_email = $email";


//Quering to get data
$sqlEmail = mysqli_query($Connection, $checkEmail);
    $state = mysqli_fetch_assoc($sqlEmail);

    if($state > 0) {
 
        echo "<script type='text/javascript'>alert('That email is already taken. Please Enter your email correclty or create an account');</script>";
        echo '<script type="text/javascript"> window.location="createAccount.php";</script>';
        exit();
    } else{
       $addUserSQLQuery = "INSERT INTO Users (user_firstname, user_lastname, user_email, user_pass)
        VALUES ('$name', '$lastname', '$email', '$passcode' )";  
       
    
           mysqli_query($Connection, $addUserSQLQuery);
  

require_once "text.php"; 
sendEmail();
echo '<script type="text/javascript"> window.location="myaccount.php";</script>';
    exit();   
   
       

    }

CodePudding user response:

(1) if you want to know the number of records of a select query, please use mysqli_num_rows

Hence, add the following line right after the mysqli_query line:

$row_cnt = mysqli_num_rows($sqlEmail);

then change

if($state > 0) {

to

if($row_cnt > 0) {

(2) Your select query is missing quotation marks (user_email is a string, right ?):

$checkEmail = "SELECT * FROM Users WHERE user_email = $email";

but DO NOT just add quotation marks to fix it, please change to use parameterized prepared statement to avoid SQL injection attacks. (same for insert query)

For prepared statements, please refer to the official documentation:

https://www.php.net/manual/zh/mysqli.quickstart.prepared-statements.php

Page link:https//www.codepudding.com/Blockchain/513226.html

Prev:Substract the price using Case in Mysql
Next:Why might this node.js mysql query be preventing my program from ending?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding