0

I have a query that checks if the inserted first name and last name exist in the database or not , I want to make the check for first name and last name or email , So if the inserted first name and last name exist then the user found and if the email only exist in the database then the user is found also , How to do that ?

Here is the code:

$query = "SELECT * FROM users WHERE first_name='" . $f_name . "' AND last_name='" . $l_name . "'";
    $result = mysql_query($query);
        $row = mysql_fetch_assoc($result);
if(empty($row)){
    //some code to add the user to the database
}else{
   //user is found
}

So I want the else mean that either (the first name and last name) or (the email only) doesn't exist in the database

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Sam
  • 163
  • 4
  • 10
  • Add `OR` condition to a query. And move to up-to-date apis with prepared statements - PDO or mysqli. – u_mulder Oct 02 '17 at 06:42
  • You would need to include logic about the email in your query. By the way, you should use prepared statement instead of concatenating together your query, which runs the risk of SQL injection (bad people can delete your entire database, potentially). – Tim Biegeleisen Oct 02 '17 at 06:43

3 Answers3

0
$query = "SELECT * FROM users WHERE (first_name='" . $f_name . "' AND last_name='" . $l_name . "') OR (email = '" . $email . "')";
Barclick Flores Velasquez
  • 673
  • 6
  • 12
0

Hope this helps,

$query = "SELECT * FROM users WHERE (first_name='" . $f_name . "' AND 
last_name='" . $l_name . "') OR (email = '" . $email . "')";

Edit -

Barclick Flores Velasquez his answer did not load for me yet, which is also correct.

Tomm
  • 1,021
  • 2
  • 14
  • 34
0

Just need to append your query with email condition.

<?php
$query = "SELECT * FROM users WHERE (`first_name` = '".$f_name."' AND `last_name` = '".$l_name."') OR (`email_column_name` = '".$email."') ";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
if(empty($row)){
  //some code to add the user to the database
} else {
  //user is found
}?>

I would suggest you to use prepared statements to avoid SQL Injection

Object oriented style

<?php
$mysqli = new mysqli("localhost", "user_name", "password", "db_name");
$stmt = $mysqli->prepare("SELECT * FROM users WHERE (`first_name` = ? AND `last_name` = ?) OR (`email_column_name` = ?) ");
$stmt->bind_param("sss", $f_name, $l_name, $email);
$result = $stmt->execute();

if($result->num_rows > 0){
  //user is found
} else {
  //some code to add the user to the database
}?>

Procedural style

<?php
$mysqli = mysqli_connect("localhost", "user_name", "password", "db_name");
$stmt = mysqli_prepare($mysqli, "SELECT * FROM users WHERE (`first_name` = ? AND `last_name` = ?) OR (`email_column_name` = ?) ");
mysqli_stmt_bind_param($stmt, "sss", $f_name, $l_name, $email);
$result = mysqli_stmt_execute($stmt);

if(mysqli_num_rows($result) > 0){
  //user is found
} else {
  //some code to add the user to the database
}?>

Quick Links

  1. mysqli::prepare/mysqli_prepare
  2. How can I prevent SQL injection in PHP?
Nana Partykar
  • 10,556
  • 10
  • 48
  • 77