Using Ajax to see if email already exists in database

Question

I have a form where a thank you message displays after you have submitted it, however, I want it to alert "invalid email" if the email you have submitted already exists in the database.

Right now it just proceeds to the thank you message (and not displaying the alert) even if the email already exists in the database. I am using ajax to send the form data to the database. What am I doing wrong in the code?

my ajax code:

$(document).ready(function(){
$("#submit").click(function(){

var name = $("#fullname2").val();
var email = $("#fullemail2").val();
var state = $("#selectstate").val();
// Returns successful data submission message when the entered information is stored in database.
var dataString = 'FullName='+ name + '&email='+ email + '&SovereignState='+ state;
if(name==''||email==''||state=='')
{
alert("Please Fill All Fields");
}
else
{
// AJAX Code To Submit Form.
$.ajax({
type: "POST",
url: "demo.php",
data: dataString,
cache: false,
success: function( phpSays ){
    if ( phpSays == "OK"){
        alert("invalid email");
    }
    else {
        $('#sinatra2').hide();
        $('#thanks').show();
    }
}
});
}
return false;
});
});

and this is the php:

<?php

define('DB_NAME', '');
define('DB_USER', '');
define('DB_PASSWORD','');
define('DB_HOST', '');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) ;

if (!$link) {
    die('Could not connect: ' . mysql_error ()) ;
}

$db_selected = mysql_select_db (DB_NAME, $link) ;

if (!$db_selected) {
    die('Cant use ' . DB_NAME . ': ' . mysql_error()) ;
    }

$new_email = $_POST ['email'];

$sql2 = mysql_query ("SELECT email from Data_2 WHERE email = '$new_email");
$row = mysql_fetch_row($sql2);

if(mysql_num_rows($row) > 0) {

echo 'OK' ;

}
else {

$value = $_POST ['FullName'];
$value2 = $_POST ['email'];
$value3 = $_POST ['SovereignState'];

$sql = "INSERT INTO Data_2 (FullName, email, SovereignState) VALUES     ('$value', '$value2', '$value3')";

if (!mysql_query ($sql)) {
    die('Error: ' . mysql_error());
}
}

mysql_close();
?>

Answer 1

Try this:

$sql2 = mysql_query("SELECT COUNT(`email`) AS count from Data_2 WHERE email = $new_email");

if ($sql2)
    {
    $count = mysql_fetch_assoc($sql2) ['count'];
    if ($count > 0)
        {
        echo 'email exists';
        }
      else
        {
        echo 'email does not exist';
        }
    }

Answer 2

You miss an end quote in your SQL. You need to escape the email to protect from SQL-injections. You use mysql_num_rows() wrong, it accepts the resource. Below is an example to fix all issues:

$result = mysql_query ("SELECT email from Data_2 WHERE email = '".mysql_real_escape_string($new_email)."'");
if (mysql_num_rows($result) > 0) {
    echo 'OK' ;
}

Answer 3

$sql2 = mysql_query ("SELECT email from Data_2 WHERE email = '$new_email");

replace with:

$sql2 = mysql_query ("SELECT email from Data_2 WHERE email = '$new_email' ");

Also

if(mysql_num_rows($row) > 0) {
  echo 'OK' ;

}

replace with:

if(mysql_num_rows($sql2) > 0) {
   echo 'OK' ;
}

Answer 4

Replace this line var dataString = 'FullName='+ name + '&email='+ email + '&SovereignState='+ state; with var dataString = {FullName: name, email: email, SovereignState: state}; . Home that will fixed your problem.