0

This should be easy but I'm can't make it work. The idea is to look for an email adress posted from a form. If it exists echo something and if not echo something else.

My code is:

<?php
//MySQL Database Connect
mysql_connect("localhost", "********", "**********") 
  or die("Unable to connect to MySQL");

//get data from form 
$email=$_POST['email'];

//ask the database for coincidences
 $result = mysql_query("SELECT email FROM pressmails WHERE email='.$email.'"); 
 $num_rows = mysql_num_rows($result); 


 if($num_rows < 0){ 
    echo "The user is registered";
} else { 
    echo "The user is not registered";
}  

 //Close database connection
 mysql_close();
 ?>
Improve this question
10
  • 3
    The mysql-extension is outdated. Read more php.net/en/mysql-connect. // Oh, and you are obviously introduce some SQL-injections Commented Jan 22, 2013 at 12:33
  • 2
    Do not use mysql_*. They are deprecated now, and you should get into the habit of using mysqli as a minimum... Commented Jan 22, 2013 at 12:33
  • are you getting the message that the user is not registered? i think perhaps your $num_rows<0 is the wrong way round... Commented Jan 22, 2013 at 12:34
  • @BenM You slightly scared me when you mentioned mysqli until I read "as a minimum" ;) Commented Jan 22, 2013 at 12:34
  • 1
    @Jaume - The syntax for mysqli and mysql functions are very similar, but they are not identical; if you're taking our advice and switching to mysqli, you should read the manual to see how they differ. HINT: mysqli functions require the connection variable, as returned from mysqli_connect(). Commented Jan 22, 2013 at 12:42

4 Answers 4

Reset to default
3

You are not concatenating string properly.

$result = mysql_query("SELECT email FROM pressmails WHERE email='.$email.'");

should be

$result = mysql_query("SELECT email FROM pressmails WHERE email='".$email."'");
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You should end the string by using a closing quote (if you started the string with " you must end the string with " too, same for ').

And do not forget to use mysql_real_escape_string, otherwise the script is not safe.

The script will become something like this:

// save the query in a variable, so we can echo it to debug when it doesn't work as expected
$sql = "SELECT email FROM pressmails WHERE email='".mysql_real_escape_string($email)."'";
$result = mysql_query($sql);
Improve this answer

1 Comment

Thank you very much. I have tried and it does not work, but if I echo $sql prints the string OK. When I echo $result it prints nothing. I have checked the query at phpmyadmin and it works... THIS IS VERY WEIRD, right???
1

You do not need the concatenation identifiers, since wrapping a literal in " will automatically parse variables into the string:

$result = mysql_query("SELECT email FROM pressmails WHERE email='$email'");

You should watch out, mind you. Doing the above represents a significant SQL injection vulnerability. You should consider sanitizing $email as a minimum. Also see my comment about the mysql_* functions in PHP.

From the Docs:

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_close() PDO: Assign the value of NULL to the PDO object

Improve this answer

2 Comments

Thanks for all your help but it still does not work regardless if I use mysql or mysqli. The variable $num_rows is empty when I enter a registered email or an unregistered one... Any idea??? Thanks!!!
$num_rows will never be less than 0. It will either be 0, or greater. You need to check for if($num_rows > 0)...
0

(assuming you get your syntax errors corrected) isn't the logic of this backwards?

if($num_rows < 0){ 
 echo "The user is registered";
} else { 
echo "The user is not registered";
}

if the user is registered their email is in the database and the query returns one or more rows

try 

if($num_rows){ 
   echo "The user is registered";
} else { 
  echo "The user is not registered";
}
Improve this answer

1 Comment

better is to use $num_rows > 0, apart from that the complete query check is missing and this should be a comment, not an answer.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.