If the database already has the same phone number as a newly registering user, the registration should not be completed, but with my code the data is still entered into the database table with the same phone number.

<?php 

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

    $name = $_POST['name'];
    $no_hp = $_POST['no_hp'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    $password = password_hash($password, PASSWORD_DEFAULT);

    require_once 'connect.php';

        $sql = "INSERT INTO user(name,no_hp,email,password)VALUES('$name','$no_hp','$email','$password')";

        $hpcheck = "SELECT * FROM user WHERE no_hp='$no_hp' LIMIT 1";
        $result = mysqli_query($conn, $hpcheck);

        if(mysqli_query($conn, $sql)){

            if(mysqli_num_rows($result) > 0)
            {
                $result["success"] = "0";
                $result["message"] = "Nomor hp telah digunakan!";
                echo json_encode($result);
                mysqli_close($conn);
            }
            else
            {
                $result["success"] = "1";
                $result["message"] = "success";
                echo json_encode($result);
                mysqli_close($conn);
            }
    } else {
        $result["success"] = "0";
        $result["message"] = "errorss";

        echo json_encode($result);
        mysqli_close($conn);
    }
}

?>
Trenton McKinney

1 Answer

You are executing your insert query by:

mysqli_query($conn, $sql)

before checking if the phone number is already in the database.

Try to change your code as below:

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

    $name = $_POST['name'];
    $no_hp = $_POST['no_hp'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    $password = password_hash($password, PASSWORD_DEFAULT);

    require_once 'connect.php';

    // Look for an existing row with this phone number before inserting.
    $hpcheck = "SELECT * FROM user WHERE no_hp='$no_hp' LIMIT 1";
    $result = mysqli_query($conn, $hpcheck);

    // $response holds the JSON reply. $result is a mysqli_result object
    // and cannot be written to as an array.
    $response = array();

    if($result){

        if(mysqli_num_rows($result) > 0)
        {
            // Phone number already registered: do not insert.
            $response["success"] = "0";
            $response["message"] = "Nomor hp telah digunakan!";
            echo json_encode($response);
            mysqli_close($conn);
        }
        else
        {
            // No match found: insert the new user.
            $sql = "INSERT INTO user(name,no_hp,email,password)VALUES('$name','$no_hp','$email','$password')";
            mysqli_query($conn, $sql);
            $response["success"] = "1";
            $response["message"] = "success";
            echo json_encode($response);
            mysqli_close($conn);
        }
    } else {
        // The SELECT itself failed.
        $response["success"] = "0";
        $response["message"] = "errorss";

        echo json_encode($response);
        mysqli_close($conn);
    }
}

This will only insert the value if it does not exist in the database.

LetsSeo
@GyrothGames, I'm glad it's working. Please mark my answer as accepted. I also suggest you check prepared statements for your code's safety. – LetsSeo Oct 30 '19 at 18:21
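
The prepared-statement approach suggested in the comment above, written out as an added example (not code from the question or the answer). It assumes a UNIQUE index on `user.no_hp` (the index name `uniq_no_hp` and the function `register_user` are hypothetical) and that `connect.php` defines `$conn` as in the post; the index lets the database reject duplicates even when two requests arrive together, which a SELECT followed by an INSERT cannot guarantee.

```php
<?php
// Added example: the registration flow with bound parameters.
// Assumption: a UNIQUE index exists on user.no_hp and it is the only unique
// column besides the primary key, e.g.
//   ALTER TABLE user ADD UNIQUE KEY uniq_no_hp (no_hp);
// Assumption: connect.php defines $conn as a mysqli connection (as in the post).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

const ER_DUP_ENTRY = 1062; // MySQL error number for a duplicate key

function register_user(mysqli $conn, array $post): array
{
    // Reject missing or non-string fields before touching the database.
    foreach (['name', 'no_hp', 'email', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return ['success' => '0', 'message' => "missing field: $field"];
        }
    }
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $conn->prepare('INSERT INTO user (name, no_hp, email, password) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $post['name'], $post['no_hp'], $post['email'], $hash);

    try {
        $stmt->execute();
        return ['success' => '1', 'message' => 'success'];
    } catch (mysqli_sql_exception $e) {
        // The UNIQUE index refuses a second row with the same no_hp.
        if ($e->getCode() === ER_DUP_ENTRY) {
            return ['success' => '0', 'message' => 'Nomor hp telah digunakan!'];
        }
        error_log('register_user: ' . $e->getMessage()); // details stay server-side
        return ['success' => '0', 'message' => 'error'];
    } finally {
        $stmt->close();
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require_once 'connect.php';
    header('Content-Type: application/json');
    echo json_encode(register_user($conn, $_POST));
    mysqli_close($conn);
}
```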