
I have this PHP code which checks whether the client_number or client_email is present in the database. If present, it disables the submit button. But when one of the field values is not present in the database, it enables the button, which it shouldn't.

```php
function checkDataExistence($connection){
  if(!empty($_POST["clientEmailID"])) {
    $query = "SELECT * FROM clients_table WHERE client_email='" . $_POST["clientEmailID"] . "'";
    $result = mysqli_query($connection, $query);
    $count = mysqli_num_rows($result);
    if($count>0) {
      echo "<span style='color:red'> This Email is already registered!.</span>";
      echo "<script>$('#submit').prop('disabled',true);</script>";
    } else{
      echo "<script>$('#submit').prop('disabled',false);</script>";
    }
  }

  if(!empty($_POST["clientPhoneNumber"])) {
    $query = "SELECT * FROM clients_table WHERE client_phone_number='" . $_POST["clientPhoneNumber"] . "'";
    $result = mysqli_query($connection, $query);
    $count = mysqli_num_rows($result);
    if($count>0) {
      echo "<span style='color:red'> This Phone number is already registered.</span>";
      echo "<script>$('#submit').prop('disabled',true);</script>";
    }else{
      echo "<script>$('#submit').prop('disabled',false);</script>";
    }
  }
}
```

How to make it work for both input fields?

kartik

  • Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, it's not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar Jun 18 '22 at 17:33
  • The problem is that each function enables or disables the submit button based on just one field. You need to check ALL the fields, and only enable submit if they're all available. – Barmar Jun 18 '22 at 17:36
  • You should not receive all data, but count `SELECT COUNT(*) FROM clients_table` [...] – Markus Zeller Jun 18 '22 at 17:37
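Putting the three comments together (prepared statements instead of string concatenation, deciding the button state only after every field has been checked, and counting rows instead of fetching them), here is an added example of how the function could look. It is not the asker's or the commenters' code; it assumes the same mysqli `$connection` handle, the `clients_table` table and the two column names used in the question.

```php
<?php
// Added example, not the asker's or commenters' code. Assumes the mysqli
// connection $connection, the table clients_table and the two column names
// used in the question.

/**
 * Returns true when $value already exists in $column of clients_table.
 * $column comes only from the fixed allowlist in checkDataExistence(),
 * never from user input, so interpolating it into the SQL text is safe.
 * The user-supplied $value is bound as a parameter, never concatenated.
 */
function fieldExists(mysqli $connection, string $column, string $value): bool
{
    $stmt = $connection->prepare("SELECT COUNT(*) FROM clients_table WHERE $column = ?");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $connection->error);
    }
    $stmt->bind_param("s", $value);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return $count > 0;
}

/**
 * Checks every submitted field and returns the list of "already registered"
 * messages. An empty list means every supplied value is free.
 */
function checkDataExistence(mysqli $connection): array
{
    // POST field name => [column, label]; only these columns can be queried.
    $fields = [
        "clientEmailID"     => ["client_email", "Email"],
        "clientPhoneNumber" => ["client_phone_number", "Phone number"],
    ];

    $messages = [];
    foreach ($fields as $postName => [$column, $label]) {
        $value = trim($_POST[$postName] ?? "");
        if ($value === "") {
            continue; // field not submitted in this request
        }
        if (fieldExists($connection, $column, $value)) {
            $messages[] = "This $label is already registered.";
        }
    }
    return $messages;
}

// Decide the button state once, after all fields have been checked, instead of
// letting whichever check runs last overwrite the result of the first one.
$messages = checkDataExistence($connection);
foreach ($messages as $message) {
    echo "<span style='color:red'>" . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "</span>";
}
$disabled = empty($messages) ? 'false' : 'true';
echo '<script>$("#submit").prop("disabled", ' . $disabled . ');</script>';
```

The button is enabled only when the message list is empty, so a free email no longer re-enables the button when the phone number is already taken. Note that a pre-submit lookup like this is still a race: two requests can both pass the check before either row is inserted, so a UNIQUE index on `client_email` and `client_phone_number` is what actually guarantees uniqueness, with this check serving only as early feedback to the user.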

0 Answers