0

So I'm trying to check if the email is already in use (for a password reset). So I have my JS

//Check if email exists
$(document).ready(function() {
    //listens for typing on the desired field
    $("#email").keyup(function() {
        //gets the value of the field
        var email = $("#email").val();

        //here is where you send the desired data to the PHP file using ajax
        $.post("../classes/check.php", {email:email},
            function(result) {
                if(result == 1) {
                    //Email available
                    console.log("Good");
                }
                else {
                    //the email is not available
                    console.log("Bad");
                }
            });
    });
});

And then my PHP

<?php
//Include DB
include_once '../db.php';

if(isset($_POST['email'])){
    //Get data
    $email = htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');
}
else{
    header('Location: /');
    //Stop here so the query below never runs without an email
    exit;
}
//Send request to DB
$stmt = $con->prepare("SELECT * FROM users WHERE email = :email");
$stmt->bindValue(':email', $email, PDO::PARAM_STR);
$stmt->execute();

if($stmt->rowCount() > 0){
    //Email found
    echo 1;
}
else{
    //Email not found
    echo 0;
}

So I start off by making sure there's a record in my DB. Which there is, so I enter it. Now I go over to the console and all I get is Bad, which means that the email is not found, but it's in the database. So I'd assume all it returns is 0. Any ideas? Could it be an error in my code?

13
  • 1
    Have you checked the Network tab in the console to see what response is actually coming back from the server? Commented Aug 25, 2014 at 20:05
  • Have you tried logging out the result, what did it contain? Also, echoing numbers like that is not a good idea, neither is using weak equality to compare these results. Commented Aug 25, 2014 at 20:05
  • Don't use htmlspecialchars when storing data into the database. That should only be used when displaying data in an HTML page. Commented Aug 25, 2014 at 20:06
  • Yeah, all it returns is 0 @Barmar Commented Aug 25, 2014 at 20:06
  • 2
    You are trying to check the email address on every keyup? That is certainly a nice way for an attacker to be able to build a nice dictionary of all possible email combinations on your site. Commented Aug 25, 2014 at 20:09

1 Answer

1

The PDO documentation warns that rowCount might not work with all drivers. A more reliable and efficient way to do it is:

$stmt = $con->prepare("SELECT COUNT(*) as count FROM users WHERE email = :email");
$stmt->bindValue(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row['count'] > 0) {
    echo 1;
} else {
    echo 0;
}

Another thing to try:

$email = trim($_POST['email']);

because sometimes there's extra whitespace in the input field.


6 Comments

Nope, still tossing the same issue.
Try trimming the input
Still no change. I also tried a different browser to get the cache issue out of the way. Same things going on :(
Then I think you're wrong about the email being in the database. I can't see any reason for this to fail.
I just fixed a typo in my SQL (cont => count). Could that have been the problem?
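The points raised in this thread (COUNT(*) instead of rowCount, trimming the input, no htmlspecialchars before the query, a response that can be compared strictly) combined in one lookup, as an added example that is not code from the question or the answer. The helper name emailExists, the in-memory SQLite database standing in for db.php, and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the page's db.php / $con.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');
$con->exec("INSERT INTO users (email) VALUES ('alice@example.com')");

/**
 * Returns true when $rawEmail matches a stored address.
 * Hypothetical helper name; not part of the original post.
 */
function emailExists(PDO $con, $rawEmail): bool
{
    // Reject arrays (email[]=x) and other non-string input before touching it.
    if (!is_string($rawEmail)) {
        return false;
    }
    // Trim stray whitespace. No htmlspecialchars() here: the bound parameter
    // already keeps the value out of the SQL text, and HTML escaping belongs
    // at output time only.
    $email = trim($rawEmail);
    if ($email === '') {
        return false;
    }
    // COUNT(*) always yields exactly one row, so there is no reliance on
    // rowCount(), whose value for SELECT statements is driver dependent.
    $stmt = $con->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed inputs, including the failure cases discussed in the thread.
$samples = ['alice@example.com', "  alice@example.com \n", 'bob@example.com', ['x'], ''];
foreach ($samples as $input) {
    // JSON boolean instead of a bare 1/0, so the client can compare strictly
    // (result.exists === true) rather than with ==.
    echo json_encode(['input' => $input, 'exists' => emailExists($con, $input)]), PHP_EOL;
}
```

In check.php the helper would be called with `$_POST['email'] ?? null` after the redirect-and-exit guard; the enumeration concern raised in the comments is a separate design question that this lookup does not address.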