The forums have permanently moved to forum.kirupa.com. This forum will be kept around in read-only mode for archival purposes. To learn how to continue using your existing account on the new forums, check out this thread.


Results 1 to 4 of 4

Thread: Detect if username exsists

  1. #1

    Detect if username exsists

    Im trying to see if a username is already taken.

    PHP Code:
    $query mysql_query("SELECT * FROM members_tbl WHERE username = ' ".$_POST['username']." '");//Edit the query to fit your needs
                            
    $result mysql_num_rows($query);
                            
                            if(
    $result[0] === ($username)) {
                                echo 
    "The username you have chosen is available"//Does not exist!
                            
    }else{
                                echo 
    "The username you have chosen already exists!"//It is there
                            

    Whats wrong with my code?

  2. #2
    1) that is a SQL injection waiting to happen. read: http://www.onlamp.com/pub/a/php/2003..._security.html . it's really unsafe to just put your POST variables into a query like that.

    2) you don't need to return all the existing user's data. their username is enough.

    3) $result isn't an array. it's a number. and if $query is NULL, $result is hosed. use something like:
    PHP Code:
    $is_taken 0;
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );

    while( 
    $row mysql_fetch_array($result) ) {
     
    $is_taken++;
    }
    if( 
    $is_taken>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever


  3. #3
    Quote Originally Posted by bwh2 View Post
    1) that is a SQL injection waiting to happen. read: http://www.onlamp.com/pub/a/php/2003..._security.html . it's really unsafe to just put your POST variables into a query like that.

    2) you don't need to return all the existing user's data. their username is enough.

    3) $result isn't an array. it's a number. and if $query is NULL, $result is hosed. use something like:
    PHP Code:
    $is_taken 0;
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );

    while( 
    $row mysql_fetch_array($result) ) {
     
    $is_taken++;
    }
    if( 
    $is_taken>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever

    A quicker way is:



    PHP Code:
    $username addslashes$_POST['username'] );

    $sql "SELECT username FROM members_tbl WHERE username = '$username'";

    $result mysql_query$sql );
    $total_rows mysql_num_rows($result);

    if( 
    $total_rows>) {
     echo 
    'username taken';
    }
    else {
     
    // do whatever


  4. #4

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012