0

My code seems to be functioning properly (i dont get any erros) but the INSERT INTO query doesnt seem to be working as the data is never being put into the database.

Here is the code:

EDIT: i edited the code slightly so it would make logical sense but it still doesn't add the data to the table. (I even removed the if statement completely and just left the query in and it didnt add it.)

<?php

    //connect to user database
    include("db_connect.php");

    //set variables
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $gender = $_POST['gender'];
    $date = date('Y/m/d H:i:s a');

    //check if email exists
    $db_query = "SELECT * FROM users WHERE email LIKE '$email'";
    $db_result = mysql_query($db_query);
    if(!$db_result)
    {
        $query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
        mysql_query($query);
        echo 'You have been successfully registered. Please <a href="login.php">Click Here</a> to log in.';
    }
    else {
        echo 'That email is already in use. <a href="login.php">Click Here</a> to return to the sign up page.';
    }

?>
yitzih
  • 3,018
  • 3
  • 27
  • 44
  • 4
    So long as `$email_taken` becomes a result resource by way of a successful query, it will always evaluate true. What you need to do instead is check for the presence of rows in the result set. – Crackertastic Jan 11 '15 at 22:55
  • 2
    You should be using mysqli commands instead of mysql in PHP a, as the mysql_* functions have been deprecated for many reasons and will eventually be removed. – JAL Jan 11 '15 at 22:55
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 11 '15 at 22:59
  • This is for learning experience only not anything that will go live so im not worried about security and the like – yitzih Jan 11 '15 at 23:01
  • Ok so i realized i need to change it to if(!$email_taken) {add to database} else{tell user it cant be done} but when i try it that way it still doesnt add it to the db. I even tried removing any checking at all and it doesnt seem to add it to the db (Its connecting to the db properly and i have the name of the table and its columns correctly.) – yitzih Jan 11 '15 at 23:17
  • Probably because your insert is failing, have you tried seeing if there are errors? `mysql_query($sql) or die(mysql_error());`. Now i **do not condone the use of `mysql_*` functions**, but you need to fix your error first. THEN you should do as @Quentin has stated in his comment. – Darren Jan 11 '15 at 23:38
  • I finally got it to work by switching all the functions to mysqli as people said. I'm not sure if maybe I did something else while i did that but at least now its working. – yitzih Jan 11 '15 at 23:48

2 Answers2

1

You need to replace 

if($email_taken)

with

if(mysql_num_rows($email_taken))
m_pro_m
  • 340
  • 4
  • 11
1

I would say it would be more like:

   //check if email exists
$db_query = "SELECT * FROM users WHERE email='{$email}'";
$res = mysql_query($db_query);
$email_taken = mysql_num_rows($res);

if($email_taken == 1)
{
    echo 'That email is already in use. <a href="login.php">Click Here</a> to return to the sign up page.';
}
else {
    $query = "INSERT INTO users (lastName, firstName, email, password, gender, signup) VALUES ('$lastName', '$firstName', '$email', '$password', '$gender', '$date')";
    mysql_query($query);
    echo 'You have been successfully registered. Please <a href="login.php">Click Here</a> to log in.';
}
CelestialDog
  • 67
  • 1
  • 9