-1
```php
<?php

ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

include 'dbconnection.php';

$first = $_POST['fname'];
$last = $_POST['lname'];
$email = $_POST['email'];
$password = $_POST['password'];

$query = mysql_query("SELECT * FROM users WHERE Email='$email'");
if(mysql_num_rows($query) > 0){
   echo "That account already exists!";
}else{

$query = mysqli_query("INSERT INTO users (FirstName, LastName,Email,Password) values ('$first','$last','$email','$password')");

header("location: signedup.php");
}

?>
```

I'm still learning PHP, so excuse me. I think I understand the basic principles, however I have hit a wall. When posting the entered data into the text field, the form should take those entries and place them into the variables. One variable is the email, which should be used to validate the form: it should do this by checking the variable data against the database itself and checking if any rows match. If they do, then return a message to the user; otherwise proceed to enter the data into the user table. Can anyone see where I've gone wrong code-wise? My error shows as so: "Fatal error: Uncaught Error: Call to undefined function mysql_query() in php_page:12 Stack trace: #0 {main} thrown in php_page on line 12"

Funk Forty Niner

2 Answers

1

First off you probably don't have mysql_query as a function, because this extension was deprecated in PHP 5.5.0. It was removed from PHP 7. You will want to use the mysqli extension. See http://php.net/manual/en/book.mysqli.php. This is very similar to the mysql extension, but is 'improved.' You will need to modify your code to use the mysqli extension. Also, have a look at prepared statements: http://php.net/manual/en/mysqli.prepare.php. You will want to use prepared statements to prevent SQL injection, which is when someone injects malicious values into your queries. Using unfiltered $_POST data is not good for security reasons, as it can lead to SQL injection, among other things. You will want to see: http://php.net/manual/en/function.filter-input.php for various ways to filter your $_POST data.

user9189147
-3

In all your `$query` statements, prefer to write it like this: `$query = mysql_query("SELECT * FROM users WHERE Email='".$email."'");`

  • Bad Practice, direct MySQL code injection as `$email` is taken from `$_POST` – Ice76 Feb 09 '18 at 00:24
  • Yes indeed. It's a bad practice. My mistake. The code injection is dangerous. So you have to protect your code with the right comment of user9189147. – phildvlopr101 Feb 10 '18 at 19:17
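
The sign-up flow from the question, rewritten with the mysqli prepared statements and `filter_input()` that the first answer recommends. This is an added example, not code from the asker or the answerers. It assumes `dbconnection.php` sets `$conn` to a connected `mysqli` object, and it additionally stores a `password_hash()` value instead of the submitted password:

```php
<?php
// Added example, not the asker's or answerers' code.
// Assumptions: dbconnection.php sets $conn to a connected mysqli object,
// and users.Password can hold a password_hash() value (e.g. VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'dbconnection.php';

// Returns true if the account was created, false if the email is already registered.
function register_user(mysqli $db, string $first, string $last, string $email, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $check = $db->prepare('SELECT 1 FROM users WHERE Email = ? LIMIT 1');
    $check->bind_param('s', $email);
    $check->execute();
    $check->store_result();
    $exists = $check->num_rows > 0;
    $check->close();
    if ($exists) {
        return false;
    }

    // Store a salted hash, never the submitted password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $insert = $db->prepare(
        'INSERT INTO users (FirstName, LastName, Email, Password) VALUES (?, ?, ?, ?)'
    );
    $insert->bind_param('ssss', $first, $last, $email, $hash);
    $insert->execute();
    $insert->close();
    return true;
}

// filter_input() returns null for a missing field and false for one that fails validation.
$first    = trim((string) filter_input(INPUT_POST, 'fname'));
$last     = trim((string) filter_input(INPUT_POST, 'lname'));
$email    = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$password = (string) filter_input(INPUT_POST, 'password');

if ($first === '' || $last === '' || !$email || $password === '') {
    http_response_code(400);
    exit('Please fill in every field with a valid email address.');
}

if (!register_user($conn, $first, $last, $email, $password)) {
    exit('That account already exists!');
}

header('Location: signedup.php');
exit;
```

The SELECT-then-INSERT check can still be raced by two simultaneous sign-ups, so a UNIQUE index on `Email` is what actually guarantees one account per address. With `MYSQLI_REPORT_STRICT` enabled, a duplicate insert then surfaces as a `mysqli_sql_exception`.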