Reputation: 431
I am writing a conditional in PHP to check if certain user credentials have been used, and am using an if....elseif....else conditional method to do it. In each statement, I am defining the value of a variable if that statement is true. No matter what, the else value is always being used.
Also, if you want brownie points, would this be easier to do with a switch statement?
$username = $_POST['username'];
$password = strong_crypt($_POST['password'] . $username );
$name = $_POST['name'];
$email = $_POST['email'];
while($row = mysqli_fetch_array($query))
{
    $allEmails = $row['email'];
    $allUnames = $row['uname'];
}
if($allEmails === $email)
{
    $message = "That email already exists. You can only have one account per email address.";
}
elseif($allUnames === $username)
{
    $message = "That username has already been taken. Please choose a different one.";
}
elseif($username === null || $email === null || $password === null || $name === null)
{
    $message = "Please fill out all fields to register";
}
else
{
    mysqli_query($conn, "INSERT INTO login (name, uname, pword, email, lat, lon, it) VALUES ('$name', '$username', '$password', '$email', '$lat', '$lon', '$it')");
    $message = "goodtogo";
}
Upvotes: 0
Views: 112
Reputation: 12587
It appears the issue here is that you're doing the checks outside of the while loop, so that the check will always be done against the values from the LAST row of your query. Perhaps this code is more what you were aiming for?
$username = $_POST['username'];
$password = strong_crypt($_POST['password'] . $username );
$name = $_POST['name'];
$email = $_POST['email'];
$message = '';
if($username === null || $email === null || $password === null || $name === null)
{
    $message = "Please fill out all fields to register";
}
else
{
    while($row = mysqli_fetch_array($query))
    {
        $allEmails = $row['email'];
        $allUnames = $row['uname'];
        if($allEmails === $email)
        {
            $message = "That email already exists. You can only have one account per email address.";
            break;
        }
        else if($allUnames === $username)
        {
            $message = "That username has already been taken. Please choose a different one.";
            break;
        }
    }
}
if (!$message)
{
    mysqli_query($conn, "INSERT INTO login (name, uname, pword, email, lat, lon, it) VALUES ('$name', '$username', '$password', '$email', '$lat', '$lon', '$it')");
    $message = "goodtogo";
}
Upvotes: 1
Reputation: 1237
Variables $allEmails and $allUnames contain the values of the last entry returned by the database. I would recommend changing your SQL query to something like:
SELECT * FROM `users` where `email` = '$email'
and
SELECT * FROM `users` where `uname` = '$username'
or use an array:
$allEmails = array();
$allUnames = array();
while($row = mysqli_fetch_array($query))
{
    $allEmails[] = $row['email'];
    $allUnames[] = $row['uname'];
}
and use the in_array() function to check whether the entered value is in that array.
Also, your query is vulnerable to SQL injections.
Upvotes: 0
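A hardened form of the registration check discussed in these answers, as an added example that is not part of any post on this page: it asks the database only about the submitted email and username, binds every value as a parameter, and lets UNIQUE constraints have the final say. PDO with in-memory SQLite, password_hash() in place of the question's strong_crypt(), and the sample submissions are assumptions; the question's lat, lon and it columns are omitted because the page does not define them.

```php
<?php
// Added example. Table and column names follow the question; PDO with an
// in-memory SQLite database is an assumption so the script needs no server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE constraints let the database reject duplicates even when two
// registrations race between the SELECT and the INSERT below.
$pdo->exec('CREATE TABLE login (name TEXT NOT NULL, uname TEXT NOT NULL UNIQUE,
            pword TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');

function register(PDO $pdo, array $post): string
{
    $f = [];
    foreach (['name', 'username', 'password', 'email'] as $key) {
        // Missing keys and non-string values (e.g. username[]=x) count as empty.
        $f[$key] = is_string($post[$key] ?? null) ? $post[$key] : '';
        if ($f[$key] === '') {
            return 'Please fill out all fields to register';
        }
    }
    // Fetch only rows that collide with this submission. Placeholders send the
    // values separately from the SQL text, so quotes in input stay data.
    $check = $pdo->prepare('SELECT email FROM login WHERE email = :email OR uname = :uname');
    $check->execute([':email' => $f['email'], ':uname' => $f['username']]);
    $rows = $check->fetchAll(PDO::FETCH_ASSOC);
    if (in_array($f['email'], array_column($rows, 'email'), true)) {
        return 'That email already exists. You can only have one account per email address.';
    }
    if ($rows) {   // a row matched, and not on email, so the username collided
        return 'That username has already been taken. Please choose a different one.';
    }
    $insert = $pdo->prepare('INSERT INTO login (name, uname, pword, email)
                             VALUES (:name, :uname, :pword, :email)');
    try {
        $insert->execute([':name' => $f['name'], ':uname' => $f['username'], ':email' => $f['email'],
            // password_hash() stands in for the question's strong_crypt() (assumption).
            ':pword' => password_hash($f['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') throw $e;   // not a constraint violation
        return 'That email or username was just registered. Please choose another.';
    }
    return 'goodtogo';
}
// Constructed sample submissions, not data from the page.
$a = ['name' => "Pat O'Brien", 'username' => 'pat', 'password' => 'correct horse', 'email' => 'pat@example.com'];
echo register($pdo, $a), "\n";                                     // new account
echo register($pdo, ['username' => 'pat2'] + $a), "\n";            // same email
echo register($pdo, ['email' => 'other@example.com'] + $a), "\n";  // same username
echo register($pdo, ['email' => ''] + $a), "\n";                   // empty field
```

The same prepare/bind pattern is available in mysqli through mysqli_prepare() and mysqli_stmt_bind_param().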
Reputation: 77
You should change your query lines as follows
// Count rows matching the submitted email ($conn is the mysqli connection used in the question)
$query = "SELECT * FROM users WHERE `email`='{$email}'";
$isEmail = mysqli_num_rows(mysqli_query($conn, $query));
if($isEmail>0) $message = "That email already exists. You can only have one account per email address.";
// Count rows matching the submitted username
$query = "SELECT * FROM users WHERE `uname`='{$username}'";
$isUser = mysqli_num_rows(mysqli_query($conn, $query));
if($isUser>0) $message = "That username has already been taken. Please choose a different one.";
Upvotes: 0
Reputation: 52
If the query is selecting just 1 email per row, then should your code look more like this?:
$username = $_POST['username'];
$password = strong_crypt($_POST['password'] . $username );
$name = $_POST['name'];
$email = $_POST['email'];
$taken=false;
$invalid=false;
while($row = mysqli_fetch_array($query))
{
    $singleEmail = $row['email'];
    $singleUname = $row['uname'];
    if($singleEmail== $email)
    {
        $message = "That email already exists. You can only have one account per email address.";
        $taken=true;
    }
    else if($singleUname== $username)
    {
        $message = "That username has already been taken. Please choose a different one.";
        $taken=true;
    }
    else if($username == null || $email == null || $password == null || $name == null)
    {
        $message = "Please fill out all fields to register";
        $invalid=true;
    }
}//end while
if (!$taken && !$invalid){
    mysqli_query($conn, "INSERT INTO login (name, uname, pword, email, lat, lon, it) VALUES ('$name', '$username', '$password', '$email', '$lat', '$lon', '$it')");
    $message = "goodtogo";
}
This would have the whole thing in a loop, checking 1 email at a time.
Otherwise, you could query the database to return ALL emails, put them in an array, then compare the inputted email against the array. For example:
$allEmails = array(); // assume array populated from db
if(in_array($email, $allEmails)){
    // then it already exists
}
Upvotes: 0