How can the code for checking user existence and activation be improved to adhere to best practices in PHP development?
The code for checking user existence and activation can be improved by separating concerns and using prepared statements to prevent SQL injection. Additionally, it's a good practice to use proper error handling to provide meaningful feedback to the user.
// Check user existence and activation
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->bindParam(':email', $email);
$stmt->execute();
$user = $stmt->fetch();
if ($user) {
if ($user['activated'] == 1) {
// User exists and is activated
// Proceed with further actions
} else {
echo "User account not activated. Please check your email for activation instructions.";
}
} else {
echo "User not found. Please sign up for an account.";
}
Related Questions
- What potential security risks are associated with the code snippet provided for logging in a user and storing their ID in a session?
- How can PHP code be structured to ensure that the updated variables are displayed immediately after executing an update?
- What are the best practices for handling PHP variables in SQL queries to avoid errors like "Unknown column"?