0

I'm getting an error on line 16 . please help me figure out why this line is giving an error. The code is bellow Non-unique email does not insert into table, so I don't understand the error. 

<?php
  if (isset($_POST['submit']))
        {
            $conn=mysql_connect("localhost","root","");
                  if($conn)
                  {
                      $sql=mysql_select_db("user",$conn)
                      or die("database not found".mysql_error());
                      $fname=$_POST['firstname'];
                      $lname=$_POST['lastname'];
                      $email=$_POST['email'];
                      $age=$_POST['age'];
                      $check=mysql_query("select email from reg where email = '$email'");

                        if(!$check) // if email not insert before then insert  new value into database 
                        {
                      $insert="insert into reg values ('','$fname','$lname','$email','$age') ";
                     $result= mysql_query($insert);
                            if($result)
                            {
                            echo "thank you for information entered";
                            }

                        }
                        else   echo "this email already exist !" ;
                  }
                  else
                      die("server not found".mysql_error());
        }
ndm
  • 59,784
  • 9
  • 71
  • 110
deserthunter
  • 25
  • 6
  • 1
    what happens if `$email = "'drop table reg";`? don't use mysql prototype unless you're using it for local purposes for self-use applications. Use mysqli_* or PDO instead. – briosheje Nov 07 '14 at 16:44
  • i dont becoz its procedural code and its logical error , there is nothing different with mysql or mysqli or pdo – deserthunter Nov 07 '14 at 16:49
  • What @briosheje probably wanted to say, is that your code is begging for SQL injections. – ndm Nov 07 '14 at 16:52
  • ps, please don't misuse tags to catch attention – ndm Nov 07 '14 at 16:55
  • 1
    fine, use mysql_ then, but don't come back here crying by yelling that your database table has been dropped for some "unknown reasons". – briosheje Nov 07 '14 at 16:56
  • Your logic is totally wrong. `mysql_query` doesn't return a "true" value. it returns a RESULT SET (success) or boolean FALSE (failure). An empty result set is STILL a success. – Marc B Nov 07 '14 at 17:09
  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 07 '14 at 17:27

2 Answers2

0

Your code:

$insert="insert into reg values ('','$fname','$lname','$email','$age') ";

If the first field is a PRIMARY number and AUTOINCREMENT, then you should change the empty string '' into NULL like this:

$insert="insert into reg values (NULL,'$fname','$lname','$email','$age') ";

as a result to get the next valid number for your newly created row

chipaki
  • 52
  • 1
  • 4
-1

i don't know what you try to accomplish by this check 

$check=mysql_query("select email from reg where email = '$email'");
if ($check)

but i think if you want to check if something match your select request better check how many rows was returned

$check=mysql_query("select email from reg where email = '$email'");
$num_rows = mysql_num_rows($check);
if ($num_rows==0) 

{
              $insert="insert into reg values ('','$fname','$lname','$email','$age') ";
             $result= mysql_query($insert);
                    if($result)
                    {
                    echo "thank you for information entered";
                    }

                }
                else   echo "this email already exist !" ;
          }
          else
              die("server not found".mysql_error());
}
someNameJustToAnswer
  • 155
  • 1
  • 9
  • You should always explain your solution when you answer a question. Don't just copy and paste some code and expect the OP to understand. If they understood that easily, they wouldn't be asking a question on here. – AdamMc331 Nov 07 '14 at 18:06