Without ranting too much, here is my snippet:

    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = test_input($_POST["email"]);
        // check if e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        } else {
            $emailTest = 'SELECT * FROM wp_email_subscribers WHERE email = '.$email;
            var_dump($email);
            var_dump($emailTest);
            $duplicateEmail = $wpdb->get_results($emailTest, OBJECT) or die(mysql_error());
            if (mysql_num_rows($duplicateEmail)!=0) {
                $emailErr = "Email address taken";
            }
        }
    }

Can anyone help me check the database for the entered email address and return an error if the email is already in the database?
Thanks, Jason.
You shouldn't be using mysql_num_rows() or mysql_error() when dealing with $wpdb. Even if you weren't, mysql_error() is for database errors, and an empty result set is not a database error.

If you want to know if results were returned, simply check the count() of the results:

    $duplicateEmail = $wpdb->get_results($emailTest, OBJECT);
    if ( count( $duplicateEmail ) > 0 ) {
        // Email already exists.
    }

In terms of 'returning an error', that depends entirely on the context. If you just want a blank screen with an error message, then you could just use wp_die():

    $duplicateEmail = $wpdb->get_results($emailTest, OBJECT);
    if ( count( $duplicateEmail ) > 0 ) {
        wp_die( 'Email already exists.' );
    }

Or if this is an AJAX request you could use wp_send_json_error() to return a 400 error code with a message in JSON:

    $duplicateEmail = $wpdb->get_results($emailTest, OBJECT);
    if ( count( $duplicateEmail ) > 0 ) {
        wp_send_json_error( 'Email already exists.', 400 );
    }

Also, you really should not put variables directly into SQL unescaped like you are. This leaves you vulnerable to SQL injection attacks. Instead use $wpdb->prepare() to generate the query including your variable. You should also use $wpdb->prefix so that the query works even if the user is using a database prefix other than wp_:

    $query = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}email_subscribers WHERE email = %s", $email );
    $results = $wpdb->get_results( $query );
    if ( count( $results ) > 0 ) {
        wp_send_json_error( 'Email already exists.', 400 );
    }

if ( email_exists( $email ) ) {}
– Pratik Patel Commented Feb 13, 2019 at 12:33
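
The pieces of the answer above put together as one AJAX handler, as an added example that is not part of the original posts. It assumes it runs inside WordPress with the question's email_subscribers table present; the `jd_` function names and the `jd_check_email` action are hypothetical. Unlike the original snippet, it separates a failed query from an empty result instead of treating both as a database error.

```php
<?php
// Added example, not code from the original posts. Assumes a WordPress
// context (e.g. a plugin file); function and action names are hypothetical.

/**
 * Returns true/false for "address already stored", or a WP_Error when the
 * query itself failed. An empty result set is not an error.
 */
function jd_subscriber_email_taken( $email ) {
    global $wpdb;

    // %s makes prepare() quote and escape the value; the table prefix comes
    // from $wpdb so a prefix other than wp_ still works.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}email_subscribers WHERE email = %s",
        $email
    );
    $count = $wpdb->get_var( $sql );

    // COUNT(*) always yields one row, so null here means the query failed.
    if ( null === $count ) {
        return new WP_Error( 'db_error', $wpdb->last_error );
    }
    return (int) $count > 0;
}

function jd_ajax_check_email() {
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';

    if ( '' === $email || ! is_email( $email ) ) {
        wp_send_json_error( 'Invalid email format', 400 );
    }

    $taken = jd_subscriber_email_taken( $email );
    if ( is_wp_error( $taken ) ) {
        // Keep the database message in the server log, not in the response.
        error_log( 'email_subscribers lookup failed: ' . $taken->get_error_message() );
        wp_send_json_error( 'Could not check email address', 500 );
    }
    if ( $taken ) {
        wp_send_json_error( 'Email address taken', 400 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_jd_check_email', 'jd_ajax_check_email' );
add_action( 'wp_ajax_nopriv_jd_check_email', 'jd_ajax_check_email' );
```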