> From: Sebastian Marcu [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, August 15, 2002 2:32 PM
> Subject: [PHP] Problem with Testing if the user has an 
> account in my database
> 
> 
> For some reason though it isn't working right and
> keeps telling me that the 'Email' address is already
> taken even though this entry is non-existant in the
> database.
> 
> What am I doing wrong with my code below? Is there a
> better way to check if the email address is already
> contained in the database?
> 
> _______________________________________
> 
> require ("config.inc.php");
> 
> $db = mysql_connect($dbserver,$nutzer,$passwort);
> 
> $myData = mysql_db_query($dbname,"SELECT * FROM
> learningZoneCustomer WHERE Email='$rEmail'");

Make sure you either addslashes or config magic_quotes_gpc and do 
some validation on this tainted user data field $rEmail.  

> 
> if ($myData > 0)

$myData will always be true as long as the sql is valid.  Use mysq_num_rows()
To see if there was a hit.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to