Okay, here's an update. $userexists stays at 0, even though the user DOES exist in the database. It should tick to 1 because the user exists.

$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
if ($email === ''){
    unset($email);
}
   $nemail = test_input($email);


$userexists=0;
$test = <<<SQL
SELECT email FROM `Members` WHERE email='$nemail'
SQL;
if(!$result = $mysqli->query($test)){
    die('There was an error running the query');
}
while($row = $result->fetch_assoc()){
    $nemail = $row['email'];
    $userexists==1;
}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
Kevin K

1 Answer

This part of your code $userexists==1;

Remove an equal sign. We're not comparing here, you need to "assign".

$userexists=1;

References:

Plus, the test_input() function you're using isn't the best to test against an SQL injection.

Use a prepared statement, please:

Funk Forty Niner
  • Heh, thanks! I missed that. Also, looking over my code again, I'm finding issues too, e.g. unset($email); and then proceeding to use it anyway... – Kevin K Dec 05 '15 at 04:57
  • @KevinK You're welcome Kevin, glad to have been of help. *Cheers* and do use a prepared statement. That function of yours won't protect you like a prepared statement, which I added to my answer. *Stay safe* ;-) – Funk Forty Niner Dec 05 '15 at 04:58
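
The prepared-statement approach the answer recommends, written out as an added example (not code from either poster). The table and column names come from the question; the helper name member_exists() and the connection values are hypothetical placeholders.

```php
<?php
// Added example. Connection details below are placeholders, not values from the page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Hypothetical helper: true when a row in `Members` has this email.
 * The value travels to the server separately from the SQL text, so quotes
 * or SQL keywords inside it are handled as data, never as query syntax.
 */
function member_exists(mysqli $mysqli, string $email): bool
{
    $stmt = $mysqli->prepare('SELECT 1 FROM `Members` WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email); // 's' = bind as string
    $stmt->execute();
    $stmt->store_result();          // buffer the result so num_rows is populated
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// FILTER_VALIDATE_EMAIL returns the address, false if malformed, null if absent.
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if ($email === null || $email === false) {
    // Stop here instead of unsetting the variable and using it afterwards.
    http_response_code(400);
    exit('Please supply a valid email address.');
}

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$userexists = member_exists($mysqli, $email) ? 1 : 0; // assignment (=), not comparison (==)

// htmlspecialchars() belongs at output time, for the HTML context,
// not in front of the query as test_input() applied it.
printf(
    "%s => userexists=%d\n",
    htmlspecialchars($email, ENT_QUOTES, 'UTF-8'),
    $userexists
);
```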