-1

I have a function that checks if user data exists in database and returns email id of user. If it doesnt exits then it inserts and should return the inserted user email.

Part of my function 

function checkUser($userdata){
        $oauth_uid = $userdata->id;
        $email = $userdata->emailAddress;
        $check = $this->db->query("SELECT * FROM $this->userTable WHERE oauth_uid = '".$oauth_uid."' AND email = '".$email."'");
        if(mysqli_num_rows($check) > 0){
            $result = $check->fetch_array(MYSQLI_ASSOC);
            $query = "UPDATE $this->userTable SET fname = '".$userdata->firstName."', lname = '".$userdata->lastName."', email = '".$userdata->emailAddress."', location = '".$userdata->location->name."', country = '".$userdata->location->country->code."', picture_url = '".$userdata->pictureUrl."', profile_url = '".$userdata->publicProfileUrl."', modified = '".date("Y-m-d H:i:s")."' WHERE id = ".$result['id'];
            $this->db->query($query);
            return $result['id'];  //this works it returns email of user if exists
        }else{
            $query = "INSERT INTO 
                        $this->userTable(oauth_provider,oauth_uid,fname,lname,email,location,country,picture_url,profile_url,created,modified) 
                        VALUES('linkedin','".$userdata->id."','".$userdata->firstName."','".$userdata->lastName."','".$userdata->emailAddress."','".$userdata->location->name."','".$userdata->location->country->code."','".$userdata->pictureUrl."','".$userdata->publicProfileUrl."','".date("Y-m-d H:i:s")."','".date("Y-m-d H:i:s")."')";
            $this->db->query($query);

            $id = $this->db->insert_id;
            $check = $this->db->query("SELECT * FROM $this->userTable WHERE oauth_uid = '".$id."'");

            if(mysqli_num_rows($check) > 0){
            $result = $check->fetch_array(MYSQLI_ASSOC);            
                return $result['id']; //this doesnt work. It inserts the data into database but doesn't return anything.
            }
        }
    }

The if statement works properly. It checks if user exists then returns the email.

The else part works partially. It inserts the user into database but does not return the email how can i make this work.

Thanks.

Phoenix
  • 332
  • 2
  • 9
  • 32
  • Possible duplicate of [Incrementing value in PHP script not working](http://stackoverflow.com/questions/40573476/incrementing-value-in-php-script-not-working) – e4c5 Jan 02 '17 at 05:21
  • Thought the dupe is for PDO, it's still valid. You don't need the SELECT before the insert and you are not using prepared statements – e4c5 Jan 02 '17 at 05:21
  • You are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements, rather than concatenating variables into your query. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1). – elixenide Jan 02 '17 at 05:21
  • @e4c5 Its not duplicate mine is completely different question. – Phoenix Jan 02 '17 at 05:22
  • @EdCottrell i am not getting this data from some form on webpage. Its complex with alot of auth in between. user cant even get to this url as its complex and generates new url everytime but thats besides the point. I am trying to return email when it inserts into database. – Phoenix Jan 02 '17 at 05:29
  • try debugging the result `var_dump($result);` – Beginner Jan 02 '17 at 05:30
  • @Phoenix Nonetheless, this is a very, very bad idea. I can't stress enough how dangerous building a query by concatenating strings is. One error somewhere, anywhere, and you're toast. That's why this is considered bad practice. Don't risk it. Write proper code and use prepared statements. – elixenide Jan 02 '17 at 05:32
  • @EdCottrell ok. will change thanks for suggestion. – Phoenix Jan 02 '17 at 05:34

1 Answers1

1

Your code says you want to return the user id and not the user email, if so Use

return $check->insert_id;

Instead of the if(mysqli_num_rows($check) > 0) block

But if it is the user email you intend to get, then just return it from the userdata object

return $userdata->emailAddress;

Hope it helps

funsholaniyi
  • 435
  • 2
  • 12