I am creating a registration system on top of a system I found on the net. In my system there are only 2 fields, email and password, and the password will already be pre-registered, so the user only has to fill in the email. I am having problems when I query the database, because I cannot feed the email into it. The code I have questions about follows; how should I write this query?
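if (!$this->db_connection->connect_errno) {
    // Registration step: accept the request only when the submitted password matches exactly one
    // pre-registered row, then store the e-mail address next to that password.
    // Every value that comes from $_POST reaches MySQL through a bound parameter, never through
    // string concatenation, so the request cannot alter the SQL text.

    $registration_failed = "Sorry, your registration failed. Please go back and try again.";

    // A missing or non-string POST field is treated as empty input instead of raising a notice.
    $posted_email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
    $posted_password = isset($_POST['user_password_new']) ? $_POST['user_password_new'] : '';

    // strip_tags() expects an allowed-tags list as its second argument; ENT_QUOTES is an
    // htmlentities() flag and does not belong here, so the argument is dropped.
    // real_escape_string() is no longer needed because the value is bound, not interpolated.
    $user_email = is_string($posted_email) ? strip_tags($posted_email) : '';
    $user_password = is_string($posted_password) ? $posted_password : '';

    // NOTE(review): user_pass is matched and stored as plaintext, and looking a row up by its
    // password value only works while it stays unhashed. Treat the pre-registered value as a
    // one-time invitation code, or move to password_hash()/password_verify() keyed on the e-mail.

    // Step 1: does the submitted password match exactly one pre-registered row?
    $password_rows = null; // stays null when the lookup itself could not be run
    $stmt = $this->db_connection->prepare("SELECT 1 FROM users WHERE user_pass = ?");
    if ($stmt) {
        $stmt->bind_param('s', $user_password);
        if ($stmt->execute()) {
            $stmt->store_result(); // buffer the result so num_rows is populated
            $password_rows = $stmt->num_rows;
        }
        $stmt->close();
    }

    if ($password_rows === null) {
        // The original dereferenced a failed query result; report the failure instead.
        $this->errors[] = $registration_failed;
    } elseif ($password_rows !== 1) {
        $this->errors[] = "Sorry, that password is invalid.";
    } else {
        // Step 2: check if the email address already exists.
        $email_rows = null;
        $stmt = $this->db_connection->prepare("SELECT 1 FROM users WHERE user_email = ?");
        if ($stmt) {
            $stmt->bind_param('s', $user_email);
            if ($stmt->execute()) {
                $stmt->store_result();
                $email_rows = $stmt->num_rows;
            }
            $stmt->close();
        }

        if ($email_rows === null) {
            $this->errors[] = $registration_failed;
        } elseif ($email_rows > 0) {
            // "> 0" rather than "== 1": an address that is already present more than once
            // is still taken.
            $this->errors[] = "Sorry, that email address is already taken.";
        } else {
            // Step 3: write the new user's data into the database.
            $inserted = false;
            $stmt = $this->db_connection->prepare("INSERT INTO users (user_pass, user_email) VALUES (?, ?)");
            if ($stmt) {
                $stmt->bind_param('ss', $user_password, $user_email);
                $inserted = $stmt->execute();
                $stmt->close();
            }

            if ($inserted) {
                $this->messages[] = "Your account has been created successfully. You can now log in.";
            } else {
                $this->errors[] = $registration_failed;
            }
        }
    }
}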