My first registration script problem...., Cant tell if username is taken. |
My first registration script problem...., Cant tell if username is taken. |
R1cky_Da_Man1982 |
Mar 2 2012, 03:33 PM
Post
#1
|
Newbie Group: Members Posts: 10 Joined: 1-February 12 Member No.: 16,370 |
Hi!
This is my first real php script and I guess its really basic! but I have tried lots of things to make it so the script checks the DB to see if the username entered in the registration form is taken.... such as if else statements here is what ive got so far CODE <?php $date = date('jS M Y'); $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("login", $con); $sql="INSERT INTO members (username, password, email, registerdate) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$date')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> like i said I tried adding CODE $SQL="SELECT * FROM members WHERE username = '$_POST[username]' if (!$SQL) echo "username is taken, please try another one" else then executed the insert part but all it did was skip straight to the insert part even if the username matches. is there a good way of doing this? as I say im new to php and still learning the basic techniques edit: Forgot to mention that the actual form sending the data is in a seperate page. This post has been edited by R1cky_Da_Man1982: Mar 2 2012, 03:42 PM |
Brian Chandler |
Mar 3 2012, 07:17 AM
Post
#2
|
Jocular coder Group: Members Posts: 2,460 Joined: 31-August 06 Member No.: 43 |
Hi! This is my first real php script and I guess its really basic! but I have tried lots of things to make it so the script checks the DB to see if the username entered in the registration form is taken.... such as if else statements This really is not how programming works. Just trying random things here and there is as likely to get you a working program as messing around in a junkyard is to build you a (working!) 747. You have to debug your efforts tiny bit by tiny bit. Can you get INSERT to work? ...test using mysqlphpadmin... CODE $sql="INSERT INTO members (username, password, email, registerdate) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$date')"; This is a *bad* way to do things. If you have $_POST variables you must first check they are what you expect. E.g. usernames perhaps must be alphanumeric. Typically you copy the $_POST['email'] (should have quotes!) to a variable $email, which you know is OK, then when you put it in an SQL query you must escape any SQL sensitive characters -- mysql_real_escape() iirc -- and look up "SQL injection"! QUOTE here is what ive got so far like i said I tried adding CODE $SQL="SELECT * FROM members WHERE username = '$_POST[username]' if (!$SQL) echo "username is taken, please try another one" else If you set the variable $SQL to a string starting "SELECT...", is its value TRUE or FALSE, interpreted as a boolean (which means "inside if( )")? |
R1cky_Da_Man1982 |
Mar 4 2012, 09:33 AM
Post
#3
|
Newbie Group: Members Posts: 10 Joined: 1-February 12 Member No.: 16,370 |
Thanks I think I understand what you are saying.
So I have the insert working fine. So I sent the form info to variables. Checked them for tags etc. That all worked fine. Then again I was back at checking the username. so I decided to write this bit to check it. CODE $sql="SELECT * FROM members WHERE username = $user"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); if ($num_rows >0) echo "username taken"; but I get this error Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\Program Files\EasyPHP-5.3.9\www\signup.php on line 25 line 25 is the bit that checks if the number of rows returned is greater than 0. surely if there isnt a match it should execute the rest of the code and if there is it should halt it? also aswell as the error it carries on with the insert anyway. edit: solved the problem.. I forgot to put the ' ' around the user variable. CODE $sql="SELECT * FROM members WHERE username = '$user'"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); if ($num_rows >0) echo "username taken"; This post has been edited by R1cky_Da_Man1982: Mar 4 2012, 09:40 AM |
Ephraim F. Moya |
Mar 4 2012, 10:40 AM
Post
#4
|
Advanced Member Group: Members Posts: 167 Joined: 2-September 07 From: New Mexico Member No.: 3,702 |
Hi! This is my first real php script and I guess its really basic! but I have tried lots of things to make it so the script checks the DB to see if the username entered in the registration form is taken.... such as if else statements here is what ive got so far [code]<?php $date = date('jS M Y'); $con = mysql_connect("localhost","root",""); ... Add this statement: error_reporting( -1 ); <?php error_reporting( -1 ); $date = date('jS M Y'); $con = mysql_connect("localhost","root",""); ... This will make php display ALL error messages. You've got alot of them. This post has been edited by Ephraim F. Moya: Mar 4 2012, 10:41 AM |
Darin McGrew |
Mar 4 2012, 12:13 PM
Post
#5
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
And do take Brian's advice and look up "SQL injection".
|
R1cky_Da_Man1982 |
Mar 6 2012, 08:39 AM
Post
#6
|
Newbie Group: Members Posts: 10 Joined: 1-February 12 Member No.: 16,370 |
Hey guys.
So I went back over everything... and came up with this that seems to work exactly how I want it to.... CODE <?php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ error_reporting( -1 ); $user = $_POST['username']; $pass = $_POST['password']; $mail = $_POST['email']; $date = date('jS M Y'); $ulength = strlen($user); $plength = strlen($pass); $mlength = strlen($mail); $user = htmlspecialchars($user); $pass = htmlspecialchars($pass); $mail = htmlspecialchars($mail); $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } if ($ulength <=3 OR $ulength >=30) print "<center><table bgcolor=#bc003d cellspacing=2 cellpadding=4 width=450px><tr valign=middle><td bgcolor=#ffffff width=450px align=center><font color=#bc003d size=2px>the username must be between 3 and 30 characters long</font></td></tr></table></center>"; if ($plength <=8 OR $plength >=16) print "<center><table bgcolor=#bc003d cellspacing=2 cellpadding=4 width=450px><tr valign=middle><td bgcolor=#ffffff width=450px align=center><font color=#bc003d size=2px>the password must be between 8 and 16 characters long</font></td></tr></table></center>"; if ($mlength <=3 OR $mlength >=30) print "<center><table bgcolor=#bc003d cellspacing=2 cellpadding=4 width=450px><tr valign=middle><td bgcolor=#ffffff width=450px align=center><font color=#bc003d size=2px>the email must be between 3 and 30 characters long</font></td></tr></table></center>"; else { mysql_select_db("users", $con); $sql="SELECT * FROM members WHERE username = '$user'"; $result = mysql_query($sql,$con); $num_rows = mysql_num_rows($result); if ($num_rows > 0) print "<center><table bgcolor=#bc003d cellspacing=2 cellpadding=4 width=450px><tr valign=middle><td bgcolor=#ffffff width=450px align=center><font color=#bc003d size=2px>the username is taken please use a differant one!</font></td></tr></table></center>"; else { $sql="INSERT INTO members (username, password, email, registerdate) VALUES ('$user','$pass', '$mail', '$date')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; } } mysql_close($con); } ?> I also took the advice and looked into sql injection attacks.. Everything seems to point towards mysql_real_escape_string... But where exactly do you implement this? And 2 more questions I have.. Is there a way to make an imput field only allow alpha/numerical values or in the case of an email alpha/numerical with only @ and . allowed? And the best way to completly remove html tags as htmlspecialchars only replaces them with safe values. This post has been edited by R1cky_Da_Man1982: Mar 6 2012, 08:58 AM |
Darin McGrew |
Mar 6 2012, 12:15 PM
Post
#7
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
Please see the FAQ entry How can I require that fields be filled in, or filled in correctly?
|
R1cky_Da_Man1982 |
Mar 6 2012, 01:10 PM
Post
#8
|
Newbie Group: Members Posts: 10 Joined: 1-February 12 Member No.: 16,370 |
Thanks I will have a read of that and I am sorry for the constant silly questions I am really that new to php Im guessing the code I have is ok as no errors are displaying with error reporting on. Also I just found this great tutrial on validation and sanitation: validation and sanitation tutorial I found it really easy to understand. |
Lo-Fi Version | Time is now: 19th April 2024 - 05:59 AM |