dongzhiyi2006 2014-04-09 20:54

Check whether username and email exist in the database or not in MySQL

    $valid = mysqli_query($com,"select username,email from company_profile where username = ".$uname." or email = ".$email." ");
    if ($valid=="")
    {echo "email n username exists";}
    else
    {
    echo "reg success";
    }

Here is my code; it doesn't work, as I was also sure. I want to return a result on whether the email or username exists in the db or not. What's the way to do it?

1 answer

  • dp7311 2014-04-09 21:05

    The mysqli_query method returns a resultset, not a scalar.

    $result = mysqli_query($com, "SELECT ...", MYSQLI_STORE_RESULT);

    // mysqli_query() returns false on failure; num_rows is a property, not a method
    if ( $result && $result->num_rows > 0 ) {
       echo "query returned at least one row";
    }
    

    The code looks vulnerable to SQL injection; we don't see any references to the mysqli_real_escape_string function.

    We'd prefer to see a prepared statement with bind variables, e.g.

    if ($stmt = mysqli_prepare($com, "SELECT username,email from company_profile"
                  . " where username = ? OR email = ? "))
    {
       mysqli_stmt_bind_param($stmt, "ss", $uname, $email);
       mysqli_stmt_execute($stmt);
       $result = mysqli_stmt_get_result($stmt);
       while ($row = mysqli_fetch_array($result))
       {
          // each row fetched here is an existing account that matches
          // the username or the email
       }
       mysqli_stmt_close($stmt);
    }
    
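A fuller version of the check the answer describes, added here as an example and not code from the thread: it reports which of the two values is already taken, using the `company_profile` table and columns from the question. The function name `find_taken_fields`, the connection placeholders and the `$_POST` field names are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// question; the function name and connection settings are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

/**
 * Report which of the two values is already registered.
 * Returns ['username' => bool, 'email' => bool].
 */
function find_taken_fields(mysqli $com, string $uname, string $email): array
{
    $taken = ['username' => false, 'email' => false];

    // Placeholders keep user-supplied values out of the SQL text. The
    // comparisons run in SQL so they follow the columns' own collation.
    $stmt = $com->prepare(
        'SELECT username = ? AS u_match, email = ? AS e_match'
        . ' FROM company_profile WHERE username = ? OR email = ?'
    );
    $stmt->bind_param('ssss', $uname, $email, $uname, $email);
    $stmt->execute();

    // bind_result()/fetch() work without the mysqlnd driver, which
    // mysqli_stmt_get_result() requires.
    $stmt->bind_result($uMatch, $eMatch);
    while ($stmt->fetch()) {
        // Several rows can match: one by username, another by email.
        if ($uMatch) { $taken['username'] = true; }
        if ($eMatch) { $taken['email'] = true; }
    }
    $stmt->close();
    return $taken;
}

// Usage, with placeholder credentials:
$com = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$taken = find_taken_fields($com, $_POST['username'] ?? '', $_POST['email'] ?? '');
if ($taken['username'] || $taken['email']) {
    echo 'username or email already exists';
} else {
    echo 'neither is registered yet';
}
```

A lookup followed by a separate INSERT is not atomic, so two concurrent registrations can both pass this check. A UNIQUE index on `username` and on `email` is what actually prevents duplicates.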
