I am creating a web app to allow database creation, though I want to restrict the creation to one database per user. Also, I have not yet implemented any security at this point; my concern is the logic. I will implement security after I have the correct logic. So please give advice on the logic.
I am looking for advice to see how I can improve this script. It is functional and does work at this point.
```php
<?php
// Define connection
$conn = mysqli_connect('localhost', 'root', 'XXXXX', 'billing');

// Variables
$UserEmail = $_SESSION['email'];
$MysqlUserDataBaseCreate = $_POST['create_database'];

// Check if the user already has a row in database_users
$SeeIfUserExist = "SELECT * FROM database_users WHERE email='$UserEmail';";
$SqlQueryUserCheck = mysqli_query($conn, $SeeIfUserExist);
$CheckIfRowDataExist = mysqli_num_rows($SqlQueryUserCheck);

// Create the database and record it for the user
if ($CheckIfRowDataExist < 1) {
    $InsertDataBaseIntel = "INSERT INTO database_users(email,check_if_created) VALUES ('$UserEmail','$MysqlUserDataBaseCreate');";
    mysqli_query($conn, $InsertDataBaseIntel);
    $CreateDataBaseForUser = "CREATE DATABASE $MysqlUserDataBaseCreate ;";
    mysqli_query($conn, $CreateDataBaseForUser);
} else {
    echo 'you are restrictd to one database';
}
?>
```
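The check-then-insert flow in the question leaves a window in which two simultaneous requests from the same user both see zero rows and both create a database. One way to close it, as an added example that is not part of the original post: let a UNIQUE index on `database_users.email` enforce the limit, bind the values, and allow-list the database name because identifiers cannot be bound. The function name, the index, the name pattern and the return strings are assumptions made for this sketch.

```php
<?php
// Added example, not the original poster's code.
// Assumption: database_users.email carries a UNIQUE index, e.g.
//   ALTER TABLE database_users ADD UNIQUE KEY uniq_email (email);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

const MYSQL_ER_DUP_ENTRY = 1062; // MySQL error code for a duplicate-key violation

// Hypothetical helper: returns a status string, rethrows unexpected DB errors.
function createUserDatabase(mysqli $conn, string $email, string $dbName): string
{
    // Identifiers cannot be bound as parameters, so accept only a strict pattern
    // (assumed policy: lowercase letter first, then letters, digits, underscore).
    if (!preg_match('/^[a-z][a-z0-9_]{0,31}$/', $dbName)) {
        return 'invalid database name';
    }

    // Claim the user's single slot first. The UNIQUE index makes this atomic:
    // of two concurrent requests, exactly one INSERT succeeds.
    try {
        $stmt = $conn->prepare(
            'INSERT INTO database_users (email, check_if_created) VALUES (?, ?)'
        );
        $stmt->bind_param('ss', $email, $dbName);
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === MYSQL_ER_DUP_ENTRY) {
            return 'you are restricted to one database';
        }
        throw $e;
    }

    // CREATE DATABASE causes an implicit commit, so it cannot be rolled back
    // together with the INSERT. If it fails (for example the name is already
    // taken), release the slot so the user can try again.
    try {
        $conn->query("CREATE DATABASE `$dbName`");
    } catch (mysqli_sql_exception $e) {
        $del = $conn->prepare('DELETE FROM database_users WHERE email = ?');
        $del->bind_param('s', $email);
        $del->execute();
        throw $e;
    }

    return 'database created';
}
```

Call it as `echo createUserDatabase($conn, $_SESSION['email'], $_POST['create_database']);` after `session_start()` and the existing `mysqli_connect()` call.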