Lookup Form Value In SQL Tutorial?

[snuggles79]

I am creating a lovely little mailing list script thingy and have come to the point where I need to check if the e-mail address somebody is trying to sign up with is already in the database and return a message if it is.

 

I have tried looking for tutorials on how to do this but to no avail - anything I did find was definitely not for the newbie like I am.

 

So, if anybody can point me in the right direction of a decent tutorial I would be most grateful.

[premiso]

$sql = "SELECT email FROM tbl_name WHERE email = '" . $email . "' LIMIT 1";
$res = mysql_query($sql);

if (mysql_num_rows($res) < 1) {
    // process email
} else {
    echo 'email in use';
}

[revraz]

Just a note, always use mysql_error() after your queries to check for errors.

 

I also created a Function to check for dupes if you want it, that way you can use it for other things besides Email.

[snuggles79]

Hi

 

That's great - thank you very much for that.

 

The only reason I wanted a tutorial though was to understand exactly what each bit of the script did and where to insert it into my script.

 

Though I think I can work out what the script does:

 

first line sets sql variable to either 1 or 0 - 1 if e-mail address is already in the db and 0 if not

 

Then if it isn't process the e-mail and if it is then tell them so.

 

However what does $res = mysql_query($sql); do exactly?

[premiso]

Just a note, always use mysql_error() after your queries to check for errors.

 

I also created a Function to check for dupes if you want it, that way you can use it for other things besides Email.

 

Always is a harsh word. Actually in testing that may be true, in production you want to hide the real error, and log it in a db/email it to yourself cause you do not want to give hackers any type of inside information to your system.

 

 

The $res line executes the query, then assigns the resource of that query to $res, to be used by other mysql functions.

 

mysql_query can explain it better than I can.

[revraz]

Then use @ in front if it, you don't have to display it.  But if you don't capture it, even in production, you'll never catch errors.

[premiso]

Then use @ in front if it, you don't have to display it.  But if you don't capture it, even in production, you'll never catch errors.

 

@ supressor is never good, honestly. That is what display_errors 0 is for easy to change/revert back.

 

I am not saying, do not capture it. I am saying in production, capture it, send yourself an email and alert the user there was an error. That way you have the error, they see a pretty page, and no information is given that could compromise your site =)