What do I have to do to my code so it will only create the account if the email doesn't already exist in the Database?

Question

<?php
    $errorMessage = "";
    // start the session and register the session variables
    session_start("ProtectVariables");

    // get the command value (use request since both post and get are used
    $firstname = $_POST['firstNameZ'];
    $lastname = $_POST['lastNameZ'];
    $password = $_POST['passwordZ'];
    $email = $_POST['emailZ'];      

    $sql = "SELECT email FROM account WHERE email='" . $email . "'";
    $result = mysql_query($sql,$db);

    while ($myrow = mysql_fetch_array($result)) {           
        if  ($email == $myrow['email'])  {
            $errorMessage = "Account with that email already exists";
        } else {
            $errorMessage = "Email doesn't match!";
        }
    }
    if ($_POST['submit']) {
        $sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
        $result_insert = mysql_query($sql_insert,$db);
    }

?>

When I fill in the form and hit submit it just inserts into the database even though the emails are the same. I tried putting the if statement with the submit button into the while loop but that didn't work either.

dehrg · Answer 1 · 2014-08-17T04:55:25.627

1

You could change your condition to check whether or not the error message has been filled:

if ($_POST['submit'] && $errorMessage == "Email doesn't match") {
    $sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
    $result_insert = mysql_query($sql_insert,$db);
}

edited Aug 17 '14 at 04:55

answered Aug 17 '14 at 04:36

dehrg

1,661
14
17

1

`if($_POST['submit'] && $errorMessage == "Email doesn't match!")` – gab06 Aug 17 '14 at 04:48
Thank you for your help dehrg! Unfortunately the error message is still coming up as - "Account with that email already exists". Also, it won't add ANYTHING to the database even if the email isn't the same. I'm not sure what's wrong. Could you help me again? – Ryan Alcorn Aug 17 '14 at 04:49
1

gab06 is correct! I didn't see that you were setting the error message even if you were successful (which is bad practice given the name of the variable) see my revised answer – dehrg Aug 17 '14 at 04:55

score 1 · Accepted Answer · answered Aug 17 '14 at 04:48

Use mysql_num_rows function to check weather the user already exist on the database or not. Use the code below

    <?php
        $errorMessage = "";
        // start the session and register the session variables
        session_start("ProtectVariables");

        // get the command value (use request since both post and get are used
        $firstname = $_POST['firstNameZ'];
        $lastname = $_POST['lastNameZ'];
        $password = $_POST['passwordZ'];
        $email = $_POST['emailZ'];      

        $sql = "SELECT email FROM account WHERE email='" . $email . "'";
        $result = mysql_query($sql,$db);

     if(mysql_num_rows($result)==0){
        if ($_POST['submit']) {
            $sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
            $result_insert = mysql_query($sql_insert,$db);
        }
    }
else
{
echo "the user with this email address already exist";
}
    ?>

Hope this helps you

What do I have to do to my code so it will only create the account if the email doesn't already exist in the Database?

2 Answers2