0

How can I detect if the username already exists?
I don't know what is lacking in my code. This is my code:

<?php
include( "db.php" );

$first = strip_tags(mysql_real_escape_string($_POST['first']));
$last = strip_tags(mysql_real_escape_string($_POST['last']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
 $password2 = strip_tags(mysql_real_escape_string($_POST['password2']));
 $passwordmd5 = md5($password);
if( empty($first) || empty($last) ||empty($username) || empty($password) || empty($password2))
    {
    echo "ALL fields required";
    }
else{
$userQ = mysql_query("SELECT * FROM admin WHERE 'username' = '{$username}'");
if ($password !== $password2)
{
echo "do not match";
}
else{
mysql_query("INSERT INTO admin (first, last,username,password) Values ('{$first}','{$last}','{$username}','{$passwordmd5}')");
echo "Your Succesfully Registered!";
header("location: adminlogin.php");
}
}
?>

When I click on the register button I can still register even if the username already exists. Thanks in advance. Hope you can help me with this simple problem.


0

Have you set your DB column for the username as UNIQUE?

You will also need to compare $username to an array of stored usernames from the DB.

Edited by Squidge

0

On line 15, you performed your query, but I don't see where you checked to see if there was a match. You didn't check the result against anything.

0

Your code just highlights the need to move to mysqli or PDO. The cleaning is pretty horrible. Look up 'parameterized binding'.

Anyway:

"SELECT * FROM admin WHERE 'username' = '{$username}'"

is wrong as you've enclosed the username field within single quotes - use backticks instead - and you don't need {braces} unless you have array items, object properties or are placing them directly before text:

"SELECT * FROM admin WHERE `username` = '$username'"
0

Still learning SQL, does this work?
if mysql_query("SELECT username FROM admin WHERE 'username' = '$username';) { die('username already registered'); }

Edited by almostbob

0

Maybe this could help you. Hope this will work.

<?php
include( "db.php" );

// Escape each submitted value before it is placed inside a quoted SQL string
$first = strip_tags(mysql_real_escape_string($_POST['first']));
$last = strip_tags(mysql_real_escape_string($_POST['last']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
$password2 = strip_tags(mysql_real_escape_string($_POST['password2']));
$passwordmd5 = md5($password);
if( empty($first) || empty($last) || empty($username) || empty($password) || empty($password2))
{
    echo "ALL fields required";
}
else {
    // Backticks around the column name: with single quotes MySQL compares
    // the literal string 'username' to the input and never finds a match
    $userQ = mysql_query("SELECT * FROM admin WHERE `username` = '$username'");
    if (mysql_num_rows($userQ) > 0)
    {
        echo "This user already exists.";
    }
    // elseif, so an existing username never falls through to the INSERT
    elseif ($password !== $password2)
    {
        echo "do not match";
    }
    else {
        mysql_query("INSERT INTO admin (first, last,username,password) Values ('{$first}','{$last}','{$username}','{$passwordmd5}')");
        echo "Your Succesfully Registered!";
        header("location: adminlogin.php");
    }
}
?>
0

Anyone...I'm in the process of learning some PHP....

Why does the SQL field require ticks or single quotes?

 ...SELECT * FROM admin WHERE 'username' = ...
1

@Jorge

This is MySQL rather than PHP I think, but anyway...

As Squidge states, backticks help MySQL discern reserved words from fieldnames. Most of the time you don't need backticks, but you should NEVER use any type of quotes for fieldnames. As it happens username is not a reserved word and as such does not need backticks anyway. However, I find it good practice to use them as the list of reserved words is quite long and it's not always obvious when you get an error due to lack of backticks. :)

Edited by diafol

Votes + Comments
much better explanation :)
0

Ah I see. My experience is with ASP.NET and MSSQL, and in SQL I generally place brackets around the field name for this same reason or when a field has more than one word, such as...

  ...SELECT * FROM admin WHERE [User Name] = ...

I had assumed the ticks were a PHP thing, not MySQL. Anyway, thanks for the clarification as I'm trying to learn some PHP these days... Been reading the online manual.

0

Yes, several words in a fieldname also require a backtick. Good point. However - personally, I avoid such things and introduce underscores instead of spaces.
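
The two fixes suggested earlier in this thread, a UNIQUE username column and parameterized binding through PDO, combined in one script; this is an added example, not code posted by anyone in the discussion. It assumes an in-memory SQLite database in place of the thread's MySQL server so it runs offline, `registerAdmin` is a hypothetical helper name, and it swaps md5() for password_hash().

```php
<?php
// Assumption: SQLite in memory stands in for the thread's MySQL server so the
// script runs offline; the PDO calls are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE on username makes the database itself reject duplicates.
$pdo->exec('CREATE TABLE admin (
    id INTEGER PRIMARY KEY,
    first TEXT NOT NULL, last TEXT NOT NULL,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

// Hypothetical helper: returns 'ok', 'missing', 'mismatch' or 'taken'.
function registerAdmin(PDO $pdo, array $in): string
{
    foreach (['first', 'last', 'username', 'password', 'password2'] as $k) {
        if (!isset($in[$k]) || $in[$k] === '') {
            return 'missing';
        }
    }
    if ($in['password'] !== $in['password2']) {
        return 'mismatch';
    }
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO admin (first, last, username, password) VALUES (?, ?, ?, ?)'
    );
    try {
        $stmt->execute([
            $in['first'], $in['last'], $in['username'],
            password_hash($in['password'], PASSWORD_DEFAULT), // salted hash, not md5()
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (here: the UNIQUE index).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'taken';
        }
        throw $e;
    }
    return 'ok';
}

// Constructed sample input.
$form = ['first' => 'Ann', 'last' => 'Lee', 'username' => 'ann',
         'password' => 's3cret-pass', 'password2' => 's3cret-pass'];
echo registerAdmin($pdo, $form), "\n"; // first attempt
echo registerAdmin($pdo, $form), "\n"; // same username again
```

Catching the constraint error instead of running a SELECT first also closes the window in which two concurrent requests could both pass the check and insert the same username.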
