check that if email exists in data base or not

Question

i want to add user to database if Gmail doen't exist this method give Gmail and password from android app can you help me how check it??

function addUser($gmail, $password){
$connection = mysqli_connect(DataBaseManager::HOST,DataBaseManager::USER,DataBaseManager::PASSWORD,DataBaseManager::DATABASENAME);

mysqli_set_charset($connection, "utf8");       
$sqlCommand = "INSERT INTO users(gmail , password )VALUES('$gmail','$password')";

if (mysqli_query($connection, $sqlCommand)) {
      return true;
} else {
      return false;
}

}

What exactly is giving you trouble? Have you actually tried anything to accomplish this? — Patrick Q, Feb 05 '19 at 17:07
no i dont have error its true... i only want to now with which method i can search data base to find if email exist or not — Babak Rostami, Feb 05 '19 at 17:13
You need to run a `SELECT` query. There are plenty of SQL tutorials out there. This isn't really a "how do I write a simple query" place. SO is for when you have something that you've tried, and it is either generating errors or an unexpected result. — Patrick Q, Feb 05 '19 at 17:14
**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Feb 05 '19 at 17:26
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Feb 05 '19 at 17:27

score -1 · Accepted Answer · answered Feb 05 '19 at 17:16

-1

You can query this to know if a user is already registered.

SELECT gmail
FROM users
WHERE gmail = '$gmail'

If you have 1 row returned, so this user is already registered.

Once you find if this user exists, you can do your query with the INSERT clause.

answered Feb 05 '19 at 17:16

Arnaud Peralta

1,287
1
16
20

@BabakRostami and other future readers keep in mind that doing this will introduce a possible race condition in your website/application.. Ideally you should also add a unique key on the column in the database to prevent duplicates.. – Raymond Nijland Feb 05 '19 at 17:57
I don't understand your comment Dharman. Also you can suggest an edit. The answer is good, maybe there is another way to respond, but it not deserve a downvote. – Arnaud Peralta Jun 11 '19 at 23:51

check that if email exists in data base or not

1 Answers1