-1

I'm trying to make it check if the email is already in the database but it's not working. here is what I've tried: I put in the code //email check so that you can easily find it.

          <?php
    include('config.php');

    if(isset($_POST['register']))
    {


        $password= $_POST['password'];

        $en= md5($password);


        $sq ="INSERT INTO `user` (`id`, `name`, `age`, `email`, `password`, `course`, `referral`, `created_at`) VALUES (NULL, '".$_POST['name']."', '".$_POST['age']."', '".$_POST['email']."', '$en', '".$_POST['course']."', '".$_POST['referral']."', '".date("Y-m-d h:i:sa")."');";
        $qu =mysqli_query($conn,$sq);
        if($qu)
        {
            $sq ="SELECT * FROM `user` WHERE email='".$_POST['email']."' AND password='$en'";
            $qu =mysqli_query($conn,$sq);
            $newaccount=mysqli_fetch_array($qu);

            $referral = $_POST['referral'];
            if(!is_null($referral) && strlen($referral) > 0)
            {
                $referral = strtolower(str_replace(' ', '', $referral));

                $sql="SELECT * FROM `user`";
                $res=mysqli_query($conn,$sql);
                while($row = mysqli_fetch_assoc($res))
                {
                    $name = strtolower(str_replace(' ', '', $row['name']));
                    if($referral == $name)
                    {
// EMAIL CHECK
                        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                            exit('Invalid email address');
                        }
                        $select = mysqli_query($connectionID, "SELECT `email` FROM `game` WHERE `email` = '".$_POST['email']."'") or exit(mysqli_error($connectionID));
                        if(mysqli_num_rows($select)) {
                            exit('This email is already being used');
                        }
                        $sq ="INSERT INTO `referral` (`id`, `user_id`, `sender_id`, `reward`, `status`, `created_at`, `id_course`, `id_content`) VALUES (NULL, '".$row['id']."', '".$newaccount['id']."', '10', '0', '".date("Y-m-d h:i:sa")."', '0', '0');";
                        $qu =mysqli_query($conn,$sq);
                        break;
                    }
                }
            }
            echo "<script>alert('Your Account Has Been Created')</script>";
                    echo "<script>window.open('page-login.php','_self')</script>";
        }
        else
        {
            echo "<script>alert('Your Account Has not  Been Created')</script>";
        }

    }

    ?>

I'm not sure if im doing the wrong placement or what but some help would be appreciated

Sky Hopper
  • 1
  • 3
  • _"but it's not working"_ means what exactly? – Jeff Jun 26 '18 at 21:51
  • 3
    your question is using very *very* outdated code, you have sql injections, and the complexity is whack. Take a look at https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 http://php.net/manual/en/book.pdo.php – Isaac Jun 26 '18 at 21:52
  • _do not_ md5 passwords. it's unsecure. use password_hash – Jeff Jun 26 '18 at 21:53

1 Answers1

1
  • You need to set email as unique in database schema
  • So If record insert successfully it means not already exists
  • if error, then email already exists.
Naveed Ramzan
  • 3,565
  • 3
  • 25
  • 30