
As the title says, my PHP/MySQL query is not executing.

Can someone have a look at what I am doing wrong?

  $name = ((isset($_POST['name']))?sanitize($_POST['name']):'');
  $email = ((isset($_POST['email']))?sanitize($_POST['email']):'');
  $password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
  $confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
  $errors = array();
  if($_POST){
    $emailQuery =$db->query("SELECT  FROM users1 WHERE email = '$email'");
    $emailCount = mysqli_num_row($emailQuery);

        if($emailCount != 0){
          $errors[] = 'That email already exists in our database.';
        }
  • SELECT FROM users1 WHERE email = '$email': you are missing what you are selecting. Commented May 19, 2017 at 0:04
  • As far as I know, $_POST will always exist because it is a superglobal; use if($_POST['email']) at the very least. You don't need to declare your mysqli_num_rows if you are only going to use it once: if(mysqli_num_rows($emailQuery)){$error[]...}. And finally, you should be using a prepared statement to protect against injection. Commented May 19, 2017 at 0:13
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use manual escaping and string interpolation or concatenation to accomplish this because you will create severe SQL injection bugs. Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. Commented May 19, 2017 at 2:09
  • WARNING: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern development framework like Laravel comes with a robust authentication system built-in. At the absolute least follow recommended security best practices and never store passwords as plain-text. Commented May 19, 2017 at 2:10

1 Answer

Two problems in your code

  1. You are missing * in your query
  2. mysqli_num_row should be mysqli_num_rows

Here is the correct code

  // Read each field from the POST body, defaulting to an empty string
  $name = ((isset($_POST['name']))?sanitize($_POST['name']):'');
  $email = ((isset($_POST['email']))?sanitize($_POST['email']):'');
  $password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
  $confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
  $errors = array();
  if($_POST){
    // SELECT now names its columns (*), so the statement parses
    $emailQuery = $db->query("SELECT * FROM users1 WHERE email = '$email'");
    // mysqli_num_rows (plural) is the actual function name
    $emailCount = mysqli_num_rows($emailQuery);

    if($emailCount != 0){
      $errors[] = 'That email already exists in our database.';
    }
  }

1 Comment

Thank you, worked like a charm
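The comments on the question recommend bound parameters and hashed passwords. The following is an added example of the same email check written that way; it is not code from the question or the answer. It assumes `$db` is an open mysqli connection and that `users1` has `name`, `email` and `password` columns (only `email` appears on the page); the function names are hypothetical.

```php
<?php
// Added example. Assumes $db is an open mysqli connection and that users1 has
// name, email and password columns (only email appears on the page).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of returning false

function emailExists(mysqli $db, string $email): bool
{
    // The ? placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM users1 WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();          // buffer the result so num_rows is populated
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

function validateRegistration(mysqli $db, array $post): array
{
    // Treat missing or non-string fields (e.g. email[]=x) as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $email = trim($field('email'));
    $errors = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    } elseif (emailExists($db, $email)) {
        $errors[] = 'That email already exists in our database.';
    }
    if ($field('password') === '' || !hash_equals($field('password'), $field('confirm'))) {
        $errors[] = 'Passwords are empty or do not match.';
    }
    return $errors;
}

function createUser(mysqli $db, string $name, string $email, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // store only the hash
    $stmt = $db->prepare('INSERT INTO users1 (name, email, password) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $email, $hash);
    $stmt->execute();
    $stmt->close();
}
```

With strict error reporting enabled, a malformed statement such as the original `SELECT FROM users1` raises a `mysqli_sql_exception` at the call site. A UNIQUE index on `users1.email` is still needed, because two simultaneous requests can both pass the existence check before either inserts.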
