send message if user is in the database, reject if not

if (isset($submit)) {
  $getusers = mysql_query("SELECT * FROM register");
  while($getrows = mysql_fetch_array($getusers)) {
    $users = $g开发者_C百科etrows['username'];
    if ($touser == $users) {
      echo "$users";
      $send = $_GET['send'];
      if ($send == $one) {
        $query = mysql_query(
                   "INSERT INTO mailtbl VALUES 
                    (
                      '', '$touser', '$fromuser', '$subject', 
                      '$message', '0', '0', '1', '$date', '$rand'
                    )"
                 );
        $query2 = mysql_query(
                    "INSERT INTO mailtbl_admin VALUES 
                     (
                        '', '$touser', '$fromuser', '$subject', 
                        '$message', '0', '0', '1', '$date', '$rand'
                     )"
                  ); 
        $echo = "Message successfully sent."; 
      }
    } else {
      $echo = "There is no such user with the name of '$touser'";
    }
  }
  echo "$echo";
}

I am trying to write code that accepts the message to send to another user if the recipient is in my database. The problem is that I think my condition (if ($touser == $users) is wrong. $touser refers to my $_POST['recipient'] in my form and $users refer to the users in the database.

Could someone please review my code to ensure I'm on the right track?

Instead of looping through all the users in your table, why don't you instead add a WHERE statement in your SQL command like this:

"SELECT * FROM register WHERE username = '" . $touser . "'"

If you get results send the message. If you get no results, display the 'no such user' message.

Also, if you are having trouble evaluating $touser to $user, try outputting the contents of $touser to make sure it's what you think it is.

print_r($touser);