Hi all! I've been working on the validation for my web site, and I am currently trying to write a script so that if I have the following usernames in the username column of my MySQL table entitled "members":

-Jeff
-Pete
-Bob

That no one who is registering a name can take those names. If they tried to register an account with the username "Pete", they would get a JavaScript alert box that would return false to my validator script. What I tried to do was create an array of all of my site's usernames and then say "if the username you entered is in that array, display alert box and return false", but I couldn't get it just right. Please help!!! Thank you :D!

Something along the lines of:

$check_name = mysql_query("SELECT `username` FROM `users` WHERE `username` = '$requested_name'");
if (mysql_num_rows($check_name) != 0) {
  // Error, username taken
}

Do not rely on Javascript for validation, build your code assuming your users have Javascript disabled, you can always add things like alerts later.

Ooooh that makes a lot of sense. Seems I may be redoing some validation soon :P How do I use that code so it would stop the running script if it finds the requested username?

No need to 'stop' the script, in the if statement just add some code to process if the name is already in the db, add an else onto it to insert a new record if the name does not exist.

If you really want, you can use the die() function, but this will also stop and further processing of any HTML, so you may end up with half a page if this script outputs anything to the user.

Try this:

$check_name = mysql_query("SELECT `username` FROM `users` WHERE `username` = '$requested_name'");
if (mysql_num_rows($check_name) != 0) {
  // Error, username taken
} else {
  // Username is free, insert query goes here.
}

Oooh thanks! Is there a way to do that where the user doesn't lose all data they've entered into the form?

Save the form values into a session:

if(!$_SESSION) {
session_start();
}
foreach($_POST as $key => $value) {
$_SESSION[$key] = $value;
}

Then on the form set the value to the session variable, a form element with the name 'username' would be in $_SESSION, 'password' would be in $_SESSION etc.

I have a SESSION variable created on log-in with the person's username. My next question after resolving this one would be that when a user pulls up his or her profile, they system pulls up the profile based on the username stored in the SESSION variable. Is that secure enough?

And thanks so much for the info. Could you set that up on a model form for me so I can understand how it gets assembled?

:D

For input:

<input type="text" name="username" value="<?php echo $_SESSION['username'] ?>">

Textarea:

<textarea name="somename"><?php echo $_SESSION['username']?></textarea>

You get the idea?

Also, once the user has been added to the db, use session_destroy() to remove the session, preventing problems when they login.

I would say store the user ID/username and the encrypted password in the session, validate the user at the start of all files.

Yessir thank you!

How would you recommend pulling up a user's profile securely?

So if I want to create the message that explains what went wrong, whether it be "password and confirmed password do not match" or "username is already taken", how can I make it so the error appears directly under the field in question? Thanks!

This article has been dead for over six months. Start a new discussion instead.