好的,我在这里不知所措。当我没有任何与数据库中的搜索匹配的内容时,我的num_rows
会返回0。我对PHP很新,所以我不知道这是否是我想要它做的正确方法。如果我不能解释为什么这不正确?
我想要的是检查数据库中是否已有电子邮件,如果没有,则将表单插入数据库。但是,即使数据库中没有与电子邮件匹配的电子邮件,它仍然表示匹配。
<?php
// Escape all $_POST variables to protect against SQL injections
$fname = $mysqli->escape_string($_POST['fname']);
$mi = $mysqli->escape_string($_POST['mname']);
$lname = $mysqli->escape_string($_POST['lname']);
$address = $mysqli->escape_string($_POST['address']);
$city = $mysqli->escape_string($_POST['city']);
$state = $mysqli->escape_string($_POST['state']);
$zipcode = $mysqli->escape_string($_POST['zipcode']);
$homePhone = $mysqli->escape_string($_POST['homePhone']);
$mobilePhone = $mysqli->escape_string($_POST['mobilePhone']);
$email = $mysqli->escape_string($_POST['email']);
$ssn = $mysqli->escape_string(password_hash($_POST['ssn'], PASSWORD_BCRYPT));
$dob = $mysqli->escape_string($_POST['dob']);
$eid = $mysqli->escape_string($_POST['eid']);
$gender = $mysqli->escape_string($_POST['gender']);
$ethnicity = $mysqli->escape_string($_POST['ethnicity']);
$status = $mysqli->escape_string($_POST['status']);
$hireDate = $mysqli->escape_string($_POST['hireDate']);
$hours = $mysqli->escape_string($_POST['hours']);
$picture = $mysqli->escape_string($_POST['picture']);
$eapAccess = $mysqli->escape_string($_POST['eapAccess']);
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT));
$hash = $mysqli->escape_string( md5( rand(0,1000) ) );
// Check if user with that email already exists
$result = $mysqli->query("SELECT * FROM employees WHERE Email='$email'");
// User email exists if the rows returned are more than 0
if($result->num_rows > 0) {
$_SESSION['message'] = "Employee with that email already exist!";
header('location: error.php');
}
else { // Email doesn't exist in database, proceed..
$sql = "INSERT INTO employees (FirstName, Middle, LastName, Address, City, State, Zipcode, HomePhone, MobilePhone, Email, SSN, DateOfBirth, EID, Gender, Ethnicity, Status, HireDate, Hours, eapAccess, Password, hash)" . "VALUES ('$fname', '$mi', '$lname', '$address', '$city', '$state', '$zipcode', '$homePhone', '$mobilePhone', '$email', '$ssn', '$dob', '$eid', '$gender', '$ethnicity', '$status', '$hireDate', '$hours', '$eapAccess', '$password', '$hash')";
// Add employee to database
if($mysqli->query($sql)) {
$_SESSION['active'] = 0; //0 until user activates their account with verify.php
$_SESSION['logged_in'] = true; // So we know the user has logged in
$_SESSION['message'] =
"Confirmation link has been sent to $email, please verify
your account by clicking on the link in the message!";
if ($eapAccess == 'Yes') {
// Send registration confirmation link (verify.php)
}
header("location: success.php");
}
else {
$_SESSION['message'] = 'Registration failed!';
header("location: error.php");
}
}
?>