I'm not sure about the title text because I don't know what I have to ask! If you know a better title please fix it!
Recently I making a login system with php but I have a question.
I have this code:
$result = mysqli_query($con,"SELECT * FROM login_info WHERE email='$email_send'");
$email_send is the email that form post to my page.
Here is my question how can I understand that email that post is exist in the login_info database?
You are almost there. Assuming an e-mails are unique in your database, you can use the following:
$result = mysqli_query( $con, "
SELECT *
FROM `login_info`
WHERE `email` = '" . mysqli_real_escape_string( $con, $email_send ) . "'
LIMIT 1");
if( mysqli_num_rows( $result ) == 1 ){
// The e-mail exists in the login_info table
} else {
// The e-mail does not exist in the login_info table
}
Using the mysqli_real_escape_string, you are preventing the SQL Injection.
Two things you need to do, validate and sanitize the email address. Please refer to http://php.net/manual/en/filter.filters.sanitize.php. Then on your MySQL query you can use MySQL's escape string function as Malcolm recommended.