0

my if statement is stopping at empty it's not running the sql part, please help

//check if signin is clicked

if (isset($_POST['Signin'])){

    //including database
    include_once 'inc/dbs.php';

    //variables
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    //check if fields are empty
    //this is where the if statement stoped
    if (empty($email) || empty($pwd)){
        header('Location: project.php?empty field');
        exit();
    }

    //if user has an account
    //this line isn't working

    else{
        $sql = "SELECT * FROM users WHERE email = $email";
        $row = mysqli_query($conn, $sql);
        $result = mysqli_num_rows($row);
        if ($result < 1)
        {
            header('Location: project.php?error');
            exit();
        }
        else
        {
            header('Location: admin.php');
            exit();
        }
    }
}
else{
    header('Location: project.php?please fill and submit');
    exit();
}
YakovL
  • 7,557
  • 12
  • 62
  • 102
hannah onyinye
  • 3
  • 2
  • There's an `exit` in there. Also, please format your code in this post. – C-Otto Jan 16 '18 at 14:47
  • 1
    `is stopping at empty its not running the sql part` does this mean that `header('Location: project.php? empty field')` is getting executed or not? – IsThisJavascript Jan 16 '18 at 14:48
  • 1
    You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that may occur.** Using the method you're currently using, `$email` should be quoted. – aynber Jan 16 '18 at 14:49

0 Answers0