Everybody! This is important. In a few days, these forums will be moving over to using the totally sweet Discourse platform. To ensure this migration happens smoothly with no loss of content, these forums are currently in a read-only mode. I do apologize for the inconvenience.

There is never a good time to turn the forums off for an extended period of time, but I promise the new forums will be a billion times better. I'm pretty sure of it.

See you all on the other side in a few days, and if you have any (non-technical) questions, please e-mail me at kirupa@kirupa.com. For technical questions, try to find a tutorial that corresponds to what you are looking for and post in the comments section of that page.

Cheers,
Kirupa

Results 1 to 4 of 4

Thread: Detect if username exsists

  1. #1

    Detect if username exsists

    Im trying to see if a username is already taken.

    PHP Code:
    $query mysql_query("SELECT * FROM members_tbl WHERE username = ' ".$_POST['username']." '");//Edit the query to fit your needs
                            
    $result mysql_num_rows($query);
                            
                            if(
    $result[0] === ($username)) {
                                echo 
    "The username you have chosen is available"//Does not exist!
                            
    }else{
                                echo 
    "The username you have chosen already exists!"//It is there
                            

    Whats wrong with my code?

  2. #2
    1) that is a SQL injection waiting to happen. read: http://www.onlamp.com/pub/a/php/2003..._security.html . it's really unsafe to just put your POST variables into a query like that.

    2) you don't need to return all the existing user's data. their username is enough.

    3) $result isn't an array. it's a number. and if $query is NULL, $result is hosed. use something like:
    PHP Code:
    $is_taken 0;
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );

    while( 
    $row mysql_fetch_array($result) ) {
     
    $is_taken++;
    }
    if( 
    $is_taken>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever


  3. #3
    Quote Originally Posted by bwh2 View Post
    1) that is a SQL injection waiting to happen. read: http://www.onlamp.com/pub/a/php/2003..._security.html . it's really unsafe to just put your POST variables into a query like that.

    2) you don't need to return all the existing user's data. their username is enough.

    3) $result isn't an array. it's a number. and if $query is NULL, $result is hosed. use something like:
    PHP Code:
    $is_taken 0;
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );

    while( 
    $row mysql_fetch_array($result) ) {
     
    $is_taken++;
    }
    if( 
    $is_taken>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever

    A quicker way is:



    PHP Code:
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );
    $total_rows mysql_num_rows($result);

    if( 
    $total_rows>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever


  4. #4

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012