1

I am creating my own personal website to sell music and help local artists promote their music. However, I am experiencing a problem.

I created a registration page where a new user can be registered onto the system. I tried to search first whether the email exists or not in the database so that there are no duplicate emails in the tables. I created an if statement for this, so when the statement is true (meaning a duplicate email is found) it prints out "email exists", but when it does not find any information in the db the screen remains blank, whereas the else part of the statement should kick in and print "no email found".

Can someone help me see where I went wrong? Here is my code:

```php
if ($_POST['submit2']){
    $fname = $_POST['Fname'];
    $sname = $_POST['Sname'];
    $email = $_POST['Emailaddress'];
    $pass = $_POST['newpassword'];

    $sql= "select * from cust_information where email = '$email'";
    $results = mysqli_query($conn, $sql) or die(mysqli_error($conn));
    $row = mysqli_fetch_array($results) or die(mysqli_error($conn));
    if($row > 0){
        echo "email exists";
    }elseif ($row <0){
        echo "email doesnt exist";
    }else{
        echo "nothing was done";
    }
}
```
Stephen King
  • Make use of [prepared statements](http://php.net/manual/en/mysqli.prepare.php), ensure that all the fields are actually being passed, ensure PHP's [error reporting](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) is enabled and make use of [mysqli_error](http://php.net/manual/en/mysqli.error.php). I advise you not to create the selling aspect yourself with the current standard of your code as it would most likely be at risk. Please if you are not doing so already, [hash](http://php.net/manual/en/function.password-hash.php) your passwords. – Script47 Aug 14 '17 at 10:37
  • Two things (btw you are vulnerable to SQL injections -> use prepared statements): use `SELECT COUNT(*)` so that you will get 0 if no mail exists or >0 if it doesn't. There is no option anyway where your code will return <0 – Lelio Faieta Aug 14 '17 at 10:41

4 Answers

1

remove the elseif condition

```php
if($row > 0){
    echo "email exists";
}else{
    echo "email doesnt exist";
}
```
GYaN
1

First of all, your code is vulnerable to SQL injection and you need to prevent it.

Second, your row `$row = mysqli_fetch_array` will return an array, so comparing `$array > 0` or `$array < 0` is invalid. Better compare `count($row) > 0` or `count($row) === 0`, which will compare the amount of rows returned.

Fotis
1

This is all you need:

```php
if(count($row) > 0)
{
    echo "email exists";
}
else
{
    echo "email doesnt exist";
}
```
Amit Joshi
0

The response will always be either 1 or 0; it will never be anything else. If the array is null, then this is a different issue, but you shouldn't be putting this in as an else if.

```php
if($row > 0){
    echo "email exists";
}
else{
    echo "email does not.";
}
```

I would also suggest using PDO http://php.net/manual/en/book.pdo.php. Your current code is leaving you wide open to SQL Injection.

Dan Hastings
  • Why use PDO when `mysqli_*` has prepared statements? This would be counterproductive. – Script47 Aug 14 '17 at 10:42
  • The syntax is much nicer in both naming and how it's written. PDO is an object and I think it's much better to be taking an OO approach than calling functions. At the end of the day they do the same job – Dan Hastings Aug 14 '17 at 10:45
  • Then include your reason to why you'd get them to switch in the answer! *At the end of the day they do the same job* - Contradictory statements. – Script47 Aug 14 '17 at 10:46
  • Also PDO is a general database abstraction layer, so it supports stuff outside MySQL databases. Read [this](https://stackoverflow.com/questions/2190737/what-is-the-difference-between-mysql-mysqli-and-pdo) – Sand Aug 14 '17 at 10:46
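
An added example (not code from any poster on this page) that combines the advice in the comments and answers: a bound-parameter `SELECT COUNT(*)` check, a hashed password, and a UNIQUE constraint as a backstop. It assumes PDO with an in-memory SQLite database so it runs without a server (the question uses MySQL through mysqli); `emailExists`, `registerUser` and the `pass_hash` column are hypothetical names.

```php
<?php
// Assumption: an in-memory SQLite database stands in for the MySQL server so
// the example runs offline; the table name follows the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cust_information (
    fname TEXT, sname TEXT, email TEXT NOT NULL UNIQUE, pass_hash TEXT NOT NULL)');

// Hypothetical helper: true when a row with this email already exists.
function emailExists(PDO $db, string $email): bool
{
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM cust_information WHERE email = ?');
    $stmt->execute([$email]);
    // COUNT(*) always returns one row. In the question, a zero-row fetch returned
    // null, so its `or die(mysqli_error($conn))` exited with an empty message.
    return (int) $stmt->fetchColumn() > 0;
}

// Hypothetical helper: returns a status string instead of echoing directly.
function registerUser(PDO $db, string $fname, string $sname, string $email, string $pass): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    if (emailExists($db, $email)) {
        return 'email exists';
    }
    try {
        $stmt = $db->prepare(
            'INSERT INTO cust_information (fname, sname, email, pass_hash) VALUES (?, ?, ?, ?)');
        $stmt->execute([$fname, $sname, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 (integrity constraint): a concurrent sign-up got in first.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'email exists';
        }
        throw $e;
    }
    return 'registered';
}

// Constructed sample input: a new address, a duplicate, and a malformed value.
foreach (['ann@example.com', 'ann@example.com', 'not-an-email', 'bob@example.com'] as $email) {
    echo $email, ' => ', registerUser($db, 'Test', 'User', $email, 'correct horse'), PHP_EOL;
}
// A quote-laden value is compared as plain data and matches no stored row.
var_dump(emailExists($db, "x' OR '1'='1"));
```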