how can detect if the username is already exist??
i don't what is lacking in my code. this is my code:

<?php
include( "db.php" );

$first = strip_tags(mysql_real_escape_string($_POST['first']));
$last = strip_tags(mysql_real_escape_string($_POST['last']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
 $password2 = strip_tags(mysql_real_escape_string($_POST['password2']));
 $passwordmd5 = md5($password);
if( empty($first) || empty($last) ||empty($username) || empty($password) || empty($password2))
    {
    echo "ALL fields required";
    }
else{
$userQ = mysql_query("SELECT * FROM admin WHERE 'username' = '{$username}'");
if ($password !== $password2)
{
echo "do not match";
}
else{
mysql_query("INSERT INTO admin (first, last,username,password) Values ('{$first}','{$last}','{$username}','{$passwordmd5}')");
echo "Your Succesfully Registered!";
header("location: adminlogin.php");
}
}
?>

when i click on the register button I can still register even if the username is already exist. thanks in advance..hope u can help me this simple problem.

have you set your DB column for the Username as UNIQUE?

you will also need to compare $username to an array of stored usernames from the DB

On line 15, you performed your query, but I don't see where you checked to see if there was a match. You didn't check the result against anything.

Member Avatar

Your code just highlights the need to move to mysqli or PDO. The cleaning is pretty horrible. Look up 'parameterized binding'.

Anyway:

"SELECT * FROM admin WHERE 'username' = '{$username}'"

is wrong as you've enclosed the username field within single quotes - use backticks instead - and you don't need {braces} unless you have array items, object properties or are placing them directly before text:

"SELECT * FROM admin WHERE `username` = '$username'"

still learning sql, does this work
if mysql_query("SELECT username FROM admin WHERE 'username' = '$username';) { die('username already registered'); }

maybe this could help you..hope this will work

<?php
include( "db.php" );

$first = strip_tags(mysql_real_escape_string($_POST['first']));
$last = strip_tags(mysql_real_escape_string($_POST['last']));
$username = strip_tags(mysql_real_escape_string($_POST['username']));
$password = strip_tags(mysql_real_escape_string($_POST['password']));
 $password2 = strip_tags(mysql_real_escape_string($_POST['password2']));
 $passwordmd5 = md5($password);
if( empty($first) || empty($last) ||empty($username) || empty($password) || empty($password2))
    {
    echo "ALL fields required";
    }
else{
$userQ = mysql_query("SELECT * FROM admin WHERE 'username' = '$username'");
if (mysql_num_rows($userQ) == 1)
{
echo"This user already exists.";
}

if ($password !== $password2)
{
echo "do not match";
}
else{
mysql_query("INSERT INTO admin (first, last,username,password) Values ('{$first}','{$last}','{$username}','{$passwordmd5}')");
echo "Your Succesfully Registered!";
header("location: adminlogin.php");
}
}
?>

Anyone...I'm in the process of learning some PHP....

Why does the SQL field require ticks or single quotes?

 ...SELECT * FROM admin WHERE 'username' = ...
Member Avatar

@Jorge

This is MySQL rather than PHP I think, but anyway...

As Squidge states, backticks help MySQL discern reserved words from fieldnames. Most of the time you don't need backticks, but you should NEVER use any type of quotes for fieldnames. As it happens username is not a reserved word and as such does not need backticks anyway. However, I find it good practice to use them as the list of reserved words is quite long and it's not always obvious when you get an error due to lack of backticks. :)

commented: much better explaination :) +6

Ah I see. My experience is with asp.net and MSSQL and in SQL I general place brackets around the field name for this same reason or when a field has more than one word..sauch as...

  ...SELECT * FROM admin WHERE [User Name] = ...

I had assumed the ticks was a PHP thing not MySQL. Anyways thanks for the clarification as I'm trying to learn some PHP these days... Been reading the online manual.

Member Avatar

Yes, several words in a fieldname also require a backtick. Good point. However - personally, I avoid such things and introduce underscores instead of spaces.