Kelvin Zhao - 6 months ago 50
SQL Question

Database duplicate checking

I'm using this line to check if an email exists in the database, but it seems to not work. =( Any ideas?

$email = $_GET[ 'email' ];
$select = mysql_query( "SELECT `email` FROM `data` WHERE `email` = ' ".$_GET[ 'email' ]."'" ) or exit ( mysql_error() );
if( mysql_num_rows( $select ) ) {
    // if email already exists
    $data = 'emailused';
}


The select query resulting from your string concatenation introduces unwanted leading space characters. For example, when $_GET[ 'email' ] = then

"SELECT `email` FROM `data` WHERE `email` = '  ".$_GET[ 'email' ]."'"

results in

"SELECT `email` FROM `data` WHERE `email` = '  '"
//                                           ^^
// These 2 space chars are causing the query not to match any rows

So to fix it, remove those unwanted spaces.

As a side note, as others have mentioned too, your code is open to SQL injection vulnerabilities. Consider using parameterized queries to mitigate. See PDO prepared statements.
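The duplicate check written with a PDO prepared statement, as an added example that is not part of the original answer. It assumes the question's `data` table and `email` column; the in-memory SQLite database, the sample inputs and the helper name `emailExists` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the question's `data` table.
// With MySQL, use a mysql: DSN and also set PDO::ATTR_EMULATE_PREPARES to false
// so the driver sends real server-side prepared statements.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE data (email TEXT NOT NULL UNIQUE)');
$pdo->exec("INSERT INTO data (email) VALUES ('alice@example.com')");

/**
 * Hypothetical helper: returns true when $email is already stored.
 * The value is bound as a parameter, so it never becomes part of the SQL
 * text. That removes both the stray-space concatenation bug and the
 * injection risk of building the query from $_GET directly.
 */
function emailExists(PDO $pdo, string $email): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM data WHERE email = :email LIMIT 1');
    // trim() drops whitespace the client may have sent around the address.
    $stmt->execute([':email' => trim($email)]);
    // fetchColumn() returns false when the query matched no row.
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs; in the question these would come from $_GET['email'].
$samples = [
    'alice@example.com',    // stored address
    '  alice@example.com',  // same address with leading spaces
    'bob@example.com',      // not stored
    "x' OR '1'='1",         // quote characters are compared as plain data
];

foreach ($samples as $input) {
    $data = emailExists($pdo, $input) ? 'emailused' : 'available';
    printf("%-24s => %s\n", var_export($input, true), $data);
}
```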