Re: Re: Current Member Check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Brad Ciszewski wrote:
> if($checkEmail != "0"){
> echo("<center><font color=\"#990000\">The email address has already been
> registerd with an account.</font></center>");
> include("../includes/footer.php");
> exit;
> }

In addition to the egregious security hole noted by others, your basic
problem is you are confusing yourself (as almost every beginner does) with
the difference between:

The query was not successfully executed by the database.
The query returned no records.

$checkEmail is only going to be FALSE if the query *FAILED* to execute.
You should check for that.

But regardless of the email being in the database or not, $checkEmail will
be a non-FALSE value (and hence != "0") if the query ran successfully.

In other words, it's a successful query and result even *if* there are no
records in the database matching '$email'

What you need to do is use one of these:
http://php.net/mysql_num_rows
http://php.net/mysql_fetch_row
http://php.net/msyql_fetch_array
http://php.net/mysql_result
to determine if there were or were NOT any records returned.

It would actually be more efficient (and thus a good habit to form) to use:
"select count(*) from ..."

MySQL has some special code internally to make that SQL run efficiently.

You then want to check the actual result (not mysql_num_rows, one of the
others) to see if you got 0 or 1.  (Or more than 1, if you somehow manage
to get duplicates in the database.)


To go even farther:  You should *NEVER* use "select * ..."

It's *always* going to be the least efficient way to get the data you need
-- which may be exactly the same as the most efficient way, if you really
do need *all* the columns.

But you almost always don't really need *all* the columns, and even when
you do, sooner or later, somebody will add some kind of status/flag/new
column to the database that you do *NOT* need, and you'll be grabbing data
you don't need.

Name the columns you need.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux