
PHP: Insert into MySQL database and check if already existing - with binding parameters

I am trying to insert test data into a MySQL database using the below lines which works fine so far.

1) How can I check whether the email already exists in the database and, if so, echo a message? I saw references here to the use of WHERE EXISTS or mysqli_num_rows, but I am not sure which to use and how to apply it here in combination with binding parameters.
2) I came across unset($username, $password, $database); to make this query more secure. Is that something that is needed / useful here and, if so, where should I put it?

My PHP:

$conn = new mysqli($host, $username, $password, $database);
if($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Placeholders (?) keep user data out of the SQL text; the values are sent separately.
$stmt = $conn->prepare("INSERT INTO cust (email, pw) VALUES (?, ?)");
// bind_param binds by reference, so the variables may be assigned after binding;
// their values at execute() time are what gets sent.
$stmt->bind_param("ss", $email, $hashPw);

$email = "me@mail.com";
$pw = "testpw12345";
$hashPw = password_hash($pw, PASSWORD_DEFAULT); // store only the hash, never the plain password
$stmt->execute();

echo "Success";

$stmt->close();
$conn->close();

An alternative to the solution proposed already.

$stmt = $conn->prepare("SELECT COUNT(1) FROM cust WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$emailExists = $stmt->get_result()->fetch_row()[0];
if ($emailExists) {
    echo "This email address is already in use";
} else {
    // continue with insert code
}

This approach does not require you to close the statement. Once you execute get_result, the statement data is fetched in full.

This solution also has a potential performance benefit. If your table contains many columns with a lot of data, then fetching that data just to check if a record exists is a waste of CPU. Simply fetch COUNT(1) and check the single column of the single returned record. If it is 0, the value is falsy; if it is more than 0, your if statement will evaluate to true and a message will be displayed.

I would also strongly recommend structuring your code in such a way that you rarely have to use exit.

To check if the email already exists in the database, just try to select a row with it in:

$stmt = $conn->prepare("SELECT * FROM cust WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
    echo "This email address is already in use";
    exit;
}
$stmt->close();
// continue with insert code

In terms of your other questions, I don't see any reason to unset variables, and using prepared queries and password_hash gives you about as good protection as you can get.
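An added example that combines the two approaches above (it is not code from the question or either answer): the COUNT(1) existence check with a bound parameter, followed by the parameterised insert. It assumes the same cust table with a UNIQUE index on email and a connected mysqli object in $conn; the UNIQUE index is what makes the outcome reliable, because a separate check followed by an insert can still race with a concurrent request.

```php
<?php
// Added example, not from the question or answers. Assumes the `cust` table
// from the question with a UNIQUE index on `email`, and a connected mysqli $conn.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function emailExists(mysqli $conn, string $email): bool
{
    // Bound parameter: the email never becomes part of the SQL text.
    $stmt = $conn->prepare("SELECT COUNT(1) FROM cust WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $count = $stmt->get_result()->fetch_row()[0];
    $stmt->close();
    return $count > 0;
}

function registerCustomer(mysqli $conn, string $email, string $plainPw): string
{
    // Early, user-friendly answer for the common case.
    if (emailExists($conn, $email)) {
        return "This email address is already in use";
    }

    $hashPw = password_hash($plainPw, PASSWORD_DEFAULT); // store the hash only
    $stmt = $conn->prepare("INSERT INTO cust (email, pw) VALUES (?, ?)");
    $stmt->bind_param("ss", $email, $hashPw);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // MySQL error 1062 (ER_DUP_ENTRY): another request inserted the same
        // email between our check and our insert; the UNIQUE index caught it.
        if ($e->getCode() === 1062) {
            return "This email address is already in use";
        }
        throw $e; // anything else is a real error
    } finally {
        $stmt->close();
    }
    return "Success";
}

// Usage, assuming $host, $username, $password and $database are defined:
// $conn = new mysqli($host, $username, $password, $database);
// echo registerCustomer($conn, "me@mail.com", "testpw12345");
```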
