PHP and MySQL - check if username is complete

Question

PHP and MySQL - check if username is complete

Now the problem is that the code could not verify that the username has already been executed, is there any code in the database that can verify the username?

I experiment with some of my codes, and then probably looked for it also in Stack about this problem. I tried this solution , but apparently it gives me errors. When I tried, warning:

mysql_query () expects parameter 2 to be a resource, the object specified in C: ... on line ...

and the problem

mysql_num_rows () expects parameter 1 to be a resource, null is specified in C: ... on line ...

I am really looking for a solution to this problem or a tutorial on how to solve this problem.

My code is:

<?php require_once("functions.php"); require_once("db-const.php"); session_start(); if (logged_in() == true) { redirect_to("profile.php"); } ?> <?php ?> <html> <head> <title>Prospekt Member Area</title> </head> <body> <h1> Register Here </h1> <h2>&copy; Kirk Niverba</h2> <hr /> <!-- The HTML registration form --> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> First name: <input type="text" name="first_name" /><br /> Last name: <input type="text" name="last_name" /><br /> Email: <input type="type" name="email" /><br /> <input type="submit" name="submit" value="Register" /> <a href="login.php">Already have an account?</a> </form> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email'])) { echo "Please fill all the fields!"; } elseif (isset($_POST['submit'])) { ## connect mysql server $mysqli = new mysqli(localhost, root, "", loginsecure); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } ## query database # prepare data for insertion $username = $_POST['username']; $mainpass = $_POST['password']; $password = hash('sha256', $mainpass); $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $email = $_POST['email']; # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $user = $_POST['username']; $usernamecheck=mysql_query("SELECT username FROM users WHERE username='$user'", $mysqli); if (mysql_num_rows($usernamecheck)>=1){ echo $user." is already taken"; } else{ # insert data into mysql database $sql = "INSERT INTO `users` (`id`, `username`, `password`, `first_name`, `last_name`, `email`) VALUES (NULL, '{$username}', '{$password}', '{$first_name}', '{$last_name}', '{$email}')"; if ($mysqli->query($sql)) { header("Location: checklogin.php?msg=Registered Successfully!"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } } ?> <hr /> </body> </html>

+5

php mysql

virtualAnon Jul 30 '16 at 7:46

source share

3 answers

In the lines you get errors, replace "mysql_query" for "mysqli_query" and "mysql_num_rows" for "mysqli_num_rows". This is because you cannot mix mysql calls with mysli connections.

+3

Federico martinez Jul 30 '16 at 7:55

source share

This can be convenient with a single mysql constraint .

 username varchar(50) NOT NULL, //other fields, UNIQUE (username)

For the php part, you can use mysql_query to select the desired username to validate and submit the form only if mysql_num_rows returns 0.

+1

Alexandre Martin Jul 30 '16 at 7:55

source share

Ramraider · Accepted Answer · 2016-07-30T08:21:30+0000

As an example of how to use prepared statements, you could use the following (not tested btw)

In the source code, you sent headers after the output of the html code - this will cause an error if you do not use output buffering, so I moved all the relevant PHP code before any html content was created, and if there were any errors, print them later.

I also noticed that the parameters for the mysqli connection were not specified - if they were defined as constants, then this would be good, otherwise it could also cause errors.

Keep mysqli or pdo - as you can better protect your sites from malicious users when you accept prepared statements, as I tried to show here.

 <?php require_once("functions.php"); require_once("db-const.php"); session_start(); if (logged_in() == true) { redirect_to("profile.php"); } $errors=array(); if( $_SERVER['REQUEST_METHOD'] == 'POST' ) { if( isset( $_POST['username'], $_POST['password'], $_POST['first_name'], $_POST['last_name'], $_POST['email'] ) ) { $username = !empty( $_POST['username'] ) ? $_POST['username'] : false; $mainpass = !empty( $_POST['password'] ) ? $_POST['password'] : false; $password = !empty( $mainpass ) ? hash('sha256', $mainpass) : false; $first_name = !empty( $_POST['first_name'] ) ? $_POST['first_name'] : false; $last_name = !empty( $_POST['last_name'] ) ? $_POST['last_name'] : false; $email = !empty( $_POST['email'] ) ? $_POST['email'] : false; if( $username && $password ){ $mysqli = new mysqli( DB_HOST, DB_USER, DB_PASS, DB_NAME ); if( $mysqli->connect_errno ) { $errors[]=$mysqli->connect_error; } else { /* Assume all is ok so far */ $sql='select username from users where username=?'; $stmt=$mysqli->prepare($sql); $stmt->bind_param('s',$username); $stmt->execute(); $stmt->bind_result( $found ); $stmt->fetch(); if( !$found ){ /* username is not alreday taken */ $sql='insert into `users` (`username`,`password`,`first_name`,`last_name`,`email`) values (?,?,?,?,?);'; $stmt=$mysqli->prepare( $sql ); $stmt->bind_param('sssss',$username,$password,$first_name,$last_name,$email); $stmt->execute(); header("Location: checklogin.php?msg=Registered Successfully!"); } else { /* username is taken */ $errors[]='Sorry, that username is already in use.'; } } } } else { $errors[]='Please fill in all details'; } } ?> <html> <head> <title>Prospekt Member Area</title> </head> <body> <h1> Register Here </h1> <h2>&copy; Kirk Niverba</h2> <hr /> <!-- The HTML registration form --> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> First name: <input type="text" name="first_name" /><br /> Last name: <input type="text" name="last_name" /><br /> Email: <input type="type" name="email" /><br /> <input type="submit" name="submit" value="Register" /> <a href="login.php">Already have an account?</a> </form> <?php if( !empty( $errors ) ){ echo implode( '<br />', $errors ); } ?> <hr /> </body> </html>

PHP and MySQL - check if username is complete

More articles: