I have a table in the database that looks like this
id | |
---|---|
1 | user@domain.com |
2 | user@domain2.com |
3 | user@domain3.com |
I have a form that looks like this
<form action="action.php" method="post" class="email-form" name="email-form"> <label for="email">Enter Email</label> <input type="email" class="email" id="email" name="email"> <input type="submit" class="submit-email" name="submit-email" value="submit Email"> </form>
In the backend I’m trying to match the input email domain with the ones in the database, after “@”.
What I’ve tried (if user enters: test@domain2.com)
$email = $_POST["email"]; $emailDomain = explode("@",$email); $emailDomain = $emailDomain[1]; /*I get the value domain2.com*/
How should I add a Query that matches $emailDomain
with the database’s email domain.
I know that if I add
$sql = "SELECT * FROM table_name WHERE email = $emailDomain";
It will look for the exact email I want to look for whats after “@” in the email section
Advertisement
Answer
You already have the part after the @
stored in $emailDomain
. Simply check whether the email field contains this value with the LIKE
operator:
SELECT * FROM table_name WHERE email LIKE '%value%'
However, note that you cannot simply substitute value
with your $emailDomain
in the above query, as this would make it vulnerable to SQL injection. Instead, make sure to paramaterise the query, and use a prepared statement to avoid SQL injection:
$conn = new mysqli($servername, $username, $password, $dbname); $email = $_POST["email"]; $emailDomain = explode("@", $email); $emailDomain = $emailDomain[1]; $param = "%{$emailDomain}%"; $stmt = $conn->prepare("SELECT * FROM table_name WHERE email LIKE ?"); $stmt->bind_param("s", $param); $stmt->execute(); $stmt->bind_result($result); // Store the output in $result