4

I can't seem to work out how to check if an email exists in my database. Currently users use their email address to log in to my site with a password, but currently a user can register more than once with the same email address, which is causing big issues on my site. Have done some research but can't seem to work it out.

Can anybody help me?

<?php       

if(isset($_POST['add']))
{
$dbhost = 'localhost';
$dbuser = 'user';
$dbpass = 'pass';
$db = "db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not send your enquiry at this time please try again later.');
}


$phone = mysql_real_escape_string((string)$_POST['phone']);
$email = mysql_real_escape_string((string)$_POST['email']);
$password = mysql_real_escape_string((string)$_POST['password']);
$firstname = mysql_real_escape_string((string)$_POST['firstname']);
$surname = mysql_real_escape_string((string)$_POST['surname']);
$country = mysql_real_escape_string((string)$_POST['country']);
$nationality = mysql_real_escape_string((string)$_POST['nationality']);
$yearofbirth = mysql_real_escape_string((string)$_POST['yearofbirth']);  
$profession = mysql_real_escape_string((string)$_POST['profession']); 
$status = mysql_real_escape_string((string)$_POST['status']); 
$membertype = 'Registered';
$dateregistered = mysql_real_escape_string((string)$_POST['dateregistered']); 
$agreedtoterms = mysql_real_escape_string((string)$_POST['agreedtoterms']); 

$sql = "INSERT INTO members
       (phone, email, password, firstname, surname, country, nationality, yearofbirth, profession, uniquepin, status, membertype, dateregistered, agreedtoterms)
       VALUES('$phone', '$email', '$password', '$firstname','$surname','$country','$nationality','$yearofbirth','$profession','$uniquepin','$status','$membertype','$dateregistered', '$agreedtoterms')";


mysql_select_db($db);
$retval = mysql_query( $sql, $conn ) or die(mysql_error());
} // closes if(isset($_POST['add']))

?>
alex
Harry

3 Answers

5

You could make the email column have the unique constraint - then the query would fail when attempting to insert.

You could also just query it....

SELECT `email`
  FROM `members`
 WHERE `email` = '$email'
 LIMIT 1

If you get a result, the email exists.

alex
1

Prior to adding the unique constraint on the login table, he needs to consolidate the duplicate email records (the constraint will fail otherwise) into a single record and inform affected users.

With emails unique at data level, he can then add the constraint. Finally, before creating any new login record, he runs a query to see if email-to-add exists.

Should be an SO thread for this: email-based-logins 101 ;--)

virtualeyes
0

Simply make a database question to see if the email address already exists.

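// Escape the address in the lookup too, the same way as the INSERT values below.
$query_ch_email = mysql_query("SELECT email FROM members WHERE email = '".mysql_real_escape_string($email)."' LIMIT 1") or die(mysql_error());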

    if (mysql_num_rows($query_ch_email) > 0)
    {
        $notices['register'][] = 'Your e-mail already exist'; 
    }

    // empty() also covers the case where no notice was ever recorded
    if (empty($notices['register']))
    {
        $sql_insert = "INSERT INTO members (
        
          phone
        , email
        , password
        , firstname
        , surname
        , country
        , nationality
        , yearofbirth
        , profession
        , uniquepin
        , status
        , membertype
        , dateregistered
        , agreedtoterms
        
        ) VALUES (
        
          '".mysql_real_escape_string($phone)."'
        , '".mysql_real_escape_string($email)."'
        , '".mysql_real_escape_string($password)."'
        , '".mysql_real_escape_string($firstname)."'
        , '".mysql_real_escape_string($surname)."'
        , '".mysql_real_escape_string($country)."'
        , '".mysql_real_escape_string($nationality)."'
        , '".mysql_real_escape_string($yearofbirth)."'
        , '".mysql_real_escape_string($profession)."'
        , '".mysql_real_escape_string($uniquepin)."'
        , '".mysql_real_escape_string($status)."'
        , '".mysql_real_escape_string($membertype)."'
        , '".mysql_real_escape_string($dateregistered)."'
        , '".mysql_real_escape_string($agreedtoterms)."'
        
        )";
        
        mysql_query($sql_insert) or die(mysql_error());
    }
Peter Westerlund
  • Whoops, I guess if mysql_real_escape_string is used as above, there wouldn't be a sql injection issue. Unfortunately can't change my vote. – Kzqai Apr 15 '12 at 03:24
  • @Kzqai I have edited my post now and added `mysql_real_escape_string()`. I also wanna say that I think my answer is better than alex who got 5 upvotes because my code will return a more user-friendly response to the visitor than just a database error. – Peter Westerlund May 03 '21 at 08:38
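
The answers above combine into one pattern: let the unique constraint be the real guard (a SELECT followed by an INSERT can still let two simultaneous requests through) and turn the constraint failure into a friendly notice. This is an added example, not code from the question or from any answer; it assumes PDO with an in-memory SQLite database so it runs offline, and the `register_member` function, the `password_hash` column, the index name and the sample addresses are constructed for illustration.

```php
<?php
// Constructed schema and data; SQLite in memory stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY,
    email TEXT NOT NULL,
    password_hash TEXT NOT NULL
)');
// The constraint from the first answer: the database refuses a second row
// with the same address, even when two requests arrive at the same moment.
$pdo->exec('CREATE UNIQUE INDEX members_email_unique ON members (email)');

// Hypothetical helper: true if the row was created, false if the e-mail is taken.
function register_member(PDO $pdo, string $email, string $password): bool
{
    // SQLite compares TEXT case-sensitively, so normalise before storing.
    $email = strtolower(trim($email));
    // Bound parameters replace the manual escaping used on the page.
    $stmt = $pdo->prepare(
        'INSERT INTO members (email, password_hash) VALUES (:email, :hash)'
    );
    try {
        $stmt->execute([
            ':email' => $email,
            ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation. Here only the
        // unique index can trigger it; on MySQL, errorInfo[1] === 1062
        // identifies a duplicate key specifically.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
}

$notices = [];
foreach (['harry@example.com', 'Harry@Example.com', 'other@example.com'] as $email) {
    if (!register_member($pdo, $email, 'constructed-password')) {
        $notices[] = "$email: that e-mail address is already registered";
    }
}
print_r($notices);
echo $pdo->query('SELECT COUNT(*) FROM members')->fetchColumn(), " rows\n";
```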