how to check if email address exists. validation

Question

I can't seem to work out how to check if an email exists in my database. Currently users use their email address to login to my site with a password but currently a user can register more than once with the same email address which is cause big issues on my site. Have done some research but can't seem to work it out.

Can anybody help me?

<?php       

if(isset($_POST['add']))
{
$dbhost = 'localhost';
$dbuser = 'user';
$dbpass = 'pass';
$db = "db";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not send your enquiry at this time please try again later.');
}


$phone = mysql_real_escape_string((string)$_POST['phone']);
$email = mysql_real_escape_string((string)$_POST['email']);
$password = mysql_real_escape_string((string)$_POST['password']);
$firstname = mysql_real_escape_string((string)$_POST['firstname']);
$surname = mysql_real_escape_string((string)$_POST['surname']);
$country = mysql_real_escape_string((string)$_POST['country']);
$nationality = mysql_real_escape_string((string)$_POST['nationality']);
$yearofbirth = mysql_real_escape_string((string)$_POST['yearofbirth']);  
$profession = mysql_real_escape_string((string)$_POST['profession']); 
$status = mysql_real_escape_string((string)$_POST['status']); 
$membertype = 'Registered';
$dateregistered = mysql_real_escape_string((string)$_POST['dateregistered']); 
$agreedtoterms = mysql_real_escape_string((string)$_POST['agreedtoterms']); 

$sql = "INSERT INTO members
       (phone, email, password, firstname, surname, country, nationality, yearofbirth, profession, uniquepin, status, membertype, dateregistered, agreedtoterms)
       VALUES('$phone', '$email', '$password', '$firstname','$surname','$country','$nationality','$yearofbirth','$profession','$uniquepin','$status','$membertype','$dateregistered', '$agreedtoterms')";


mysql_select_db($db);
$retval = mysql_query( $sql, $conn )or die(mysql_error());

?>

Answer 1

Simply make a database question to see if the email address already exists.

$query_ch_email = mysql_query("SELECT email FROM members WHERE email = '$email' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($query_ch_email) > 0)
    {
        $notices['register'][] = 'Your e-mail already exist'; 
    }

    if (!count($notices['register']))
    {
        $sql_insert = "INSERT INTO members (
        
          phone
        , email
        , password
        , firstname
        , surname
        , country
        , nationality
        , yearofbirth
        , profession
        , uniquepin
        , status
        , membertype
        , dateregistered
        , agreedtoterms
        
        ) VALUES (
        
          '".mysql_real_escape_string($phone)."'
        , '".mysql_real_escape_string($email)."'
        , '".mysql_real_escape_string($password)."'
        , '".mysql_real_escape_string($firstname)."'
        , '".mysql_real_escape_string($surname)."'
        , '".mysql_real_escape_string($country)."'
        , '".mysql_real_escape_string($nationality)."'
        , '".mysql_real_escape_string($yearofbirth)."'
        , '".mysql_real_escape_string($profession)."'
        , '".mysql_real_escape_string($uniquepin)."'
        , '".mysql_real_escape_string($status)."'
        , '".mysql_real_escape_string($membertype)."'
        , '".mysql_real_escape_string($dateregistered)."'
        , '".mysql_real_escape_string($agreedtoterms)."'
        
        )";
        
        mysql_query($sql_insert) or die(mysql_error());
    }

Answer 2

Prior to adding the unique constraint on the login table, he needs to consolidate the duplicate email records (the constraint will fail otherwise) into a single record and inform affected users.

With emails unique at data level, he can then add the constraint. Finally, before creating any new login record, he runs a query to see if email-to-add exists.

Should be an SO thread for this: email-based-logins 101 ;--)

Answer 3

You could make the email column have the unique constraint - then the query would fail when attempting to insert.

You could also just query it....

SELECT `email`
  FROM `members`
 WHERE `email` = '$email'
 LIMIT 1

If you get a result, the email exists.