DEV Community

Discussion on: Check If Email Address Is Already Exists in The Database

Jimmy Klein

A little error in your isEmailValid function, and you have a risk of SQL injection in your method isEmailExists!!

SELECT * FROM ".$tableName." WHERE email='".$email."';

If you use the mysqli extension, you have to use real_escape_string (or mysqli_real_escape_string); if you use PDO, use named parameters.

Example:

SELECT * FROM ".$tableName." WHERE email='".mysqli_real_escape_string($mysqli, $email)."';
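As an added illustration (not the commenter's or the original post's code), here is the concatenated query from the comment next to the PDO named-parameter version the comment recommends; the `$pdo`/`$mysqli` connections, the `isEmailExists` signature and the `users`/`subscribers` table names are assumptions.

```php
<?php
declare(strict_types=1);

// Vulnerable form, as quoted in the comment: $email is spliced into the SQL
// text, so any quote character in it is parsed as part of the statement.
function isEmailExistsUnsafe(mysqli $mysqli, string $tableName, string $email): bool
{
    $sql = "SELECT * FROM " . $tableName . " WHERE email='" . $email . "';";
    $result = $mysqli->query($sql);
    return $result !== false && $result->num_rows > 0;
}

// Hardened form: the email is sent as a bound parameter and never becomes
// SQL text. Identifiers such as the table name cannot be bound, so the
// (assumed) table name is checked against a fixed allow-list instead.
function isEmailExists(PDO $pdo, string $tableName, string $email): bool
{
    $allowedTables = ['users', 'subscribers']; // assumed table names
    if (!in_array($tableName, $allowedTables, true)) {
        throw new InvalidArgumentException('Unknown table: ' . $tableName);
    }

    $stmt = $pdo->prepare(
        "SELECT 1 FROM {$tableName} WHERE email = :email LIMIT 1"
    );
    $stmt->execute([':email' => $email]);

    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

// Equivalent mysqli prepared statement, for code bases that stay on mysqli
// rather than switching to PDO.
function isEmailExistsMysqli(mysqli $mysqli, string $email): bool
{
    $stmt = $mysqli->prepare("SELECT 1 FROM users WHERE email = ? LIMIT 1");
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}
```

With PDO, also set `PDO::ATTR_EMULATE_PREPARES` to false so the parameters are bound server-side rather than interpolated by the driver.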