0

This should be easy but I'm can't make it work. The idea is to look for an email adress posted from a form. If it exists echo something and if not echo something else.

My code is:

<?php
//MySQL Database Connect
mysql_connect("localhost", "********", "**********") 
  or die("Unable to connect to MySQL");

//get data from form 
$email=$_POST['email'];

//ask the database for coincidences
 $result = mysql_query("SELECT email FROM pressmails WHERE email='.$email.'"); 
 $num_rows = mysql_num_rows($result); 


 if($num_rows < 0){ 
    echo "The user is registered";
} else { 
    echo "The user is not registered";
}  

 //Close database connection
 mysql_close();
 ?>
Improve this question
10
  • 3
    The mysql-extension is outdated. Read more php.net/en/mysql-connect. // Oh, and you are obviously introduce some SQL-injections Commented Jan 22, 2013 at 12:33
  • 2
    Do not use mysql_*. They are deprecated now, and you should get into the habit of using mysqli as a minimum... Commented Jan 22, 2013 at 12:33
  • are you getting the message that the user is not registered? i think perhaps your $num_rows<0 is the wrong way round... Commented Jan 22, 2013 at 12:34
  • @BenM You slightly scared me when you mentioned mysqli until I read "as a minimum" ;) Commented Jan 22, 2013 at 12:34
  • 1
    @Jaume - The syntax for mysqli and mysql functions are very similar, but they are not identical; if you're taking our advice and switching to mysqli, you should read the manual to see how they differ. HINT: mysqli functions require the connection variable, as returned from mysqli_connect(). Commented Jan 22, 2013 at 12:42

4 Answers 4

Reset to default
3

You are not concatenating string properly.

$result = mysql_query("SELECT email FROM pressmails WHERE email='.$email.'");

should be

$result = mysql_query("SELECT email FROM pressmails WHERE email='".$email."'");
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You should end the string by using a closing quote (if you started the string with " you must end the string with " too, same for ').

And do not forget to use mysql_real_escape_string, otherwise the script is not safe.

The script will become something like this:

// save the query in a variable, so we can echo it to debug when it doesn't work as expected
$sql = "SELECT email FROM pressmails WHERE email='".mysql_real_escape_string($email)."'";
$result = mysql_query($sql);
Improve this answer

1 Comment

Thank you very much. I have tried and it does not work, but if I echo $sql prints the string OK. When I echo $result it prints nothing. I have checked the query at phpmyadmin and it works... THIS IS VERY WEIRD, right???
1

You do not need the concatenation identifiers, since wrapping a literal in " will automatically parse variables into the string:

$result = mysql_query("SELECT email FROM pressmails WHERE email='$email'");

You should watch out, mind you. Doing the above represents a significant SQL injection vulnerability. You should consider sanitizing $email as a minimum. Also see my comment about the mysql_* functions in PHP.

From the Docs:

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_close() PDO: Assign the value of NULL to the PDO object

Improve this answer

2 Comments

Thanks for all your help but it still does not work regardless if I use mysql or mysqli. The variable $num_rows is empty when I enter a registered email or an unregistered one... Any idea??? Thanks!!!
$num_rows will never be less than 0. It will either be 0, or greater. You need to check for if($num_rows > 0)...
0

(assuming you get your syntax errors corrected) isn't the logic of this backwards?

if($num_rows < 0){ 
 echo "The user is registered";
} else { 
echo "The user is not registered";
}

if the user is registered their email is in the database and the query returns one or more rows

try 

if($num_rows){ 
   echo "The user is registered";
} else { 
  echo "The user is not registered";
}
Improve this answer

1 Comment

better is to use $num_rows > 0, apart from that the complete query check is missing and this should be a comment, not an answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.