Registration page, email address or password there is a check

Question

Registration page, email address or password there is a check

I wrote a PHP registration page using prepared statements. My question is pretty simple. When a user is registered, I want to make sure that they are not registered under the same username or email as the other person. Therefore, as part of my verification procedure, I run two queries, one of which checks if mail exists and checks if the username exists. My question is, is there a better method? I feel that doing more than one request may somehow sacrifice some performance. Can such a result affect performance? I understand that I could run "SELECT * FROM table WHERE username = ? or email = ?", But I would like the user to know that they did wrong, and not just as generic. "Currently your username or email is used, feel free to use the trial version and error to find, I’m probably just paranoid about speed, but I was just curious to know what everyone else thinks about this.

+4

php mysqli prepared-statement

Sam Jul 03 '12 at 11:42

source share

6 answers

Oleg V. Volkov · Answer 1 · 2012-07-03T11:48:35+0000

Run the query using OR and check the results to report exactly what you found.

However, depending on the internal database and indexing, two separate queries may even be faster than OR'ed together. It’s best to check all cases (find one, find both, find no) for a specific answer about your environment.

Gaurab pradhan · Answer 2 · 2012-07-03T11:55:27+0000

In the database in which you store information about the user, the uniqueness of the username and email. Like a primary key.

Ionut Flavius Pogacian · Answer 3 · 2012-07-03T11:51:46+0000

Your request is good; You will have 1 or 2 results; 2 if registration exists only with e-mail or only with a nickname; 1, if the registration has an email address and a pseudonym; use JS and specify the reasons to the right of the input fields

raina77ow · Answer 4 · 2012-07-03T11:51:46+0000

Well, I suppose this would be the easiest way:

 SELECT IF(username = :username_to_check, 1, 0) AS dup_username FROM users WHERE username = :username_to_check OR email = :email_to_check

Then you check: 1) the number of rows - if it is 0, no duplicates were found; 2) flag dup_username of your result, if the number of lines> 0.

Here is an example for playback.

Lamis · Answer 5 · 2012-07-03T11:52:05+0000

I don't think this is bad for performance

if you select a query that receives one row from the table; from let says thousands of lines; then the hit is not mentioned at all.

What will be your performance - these are connection requests that require a lot of resources, which does not happen in your case ...

I believe that it is safe to use it separately, we do it on our website, which currently has more than a million users.

also try running this query on mysql server and see how long it may take (especially for more complex queries)

Theron084 · Answer 6 · 2012-07-03T11:53:24+0000

  $result = mysql_query("SELECT * FROM table1 WHERE Username = ''", $link); $num_rows = mysql_num_rows($result); $result2 = mysql_query("SELECT * FROM table1 WHERE Email= ''", $link); $num_rows2 = mysql_num_rows($result2); $checkUsrN = false; $checkEmail = false; $mesg = "The following is bad: "; if($num_rows == 0) { $checkUsrN = true; } else{ $mesg .= "Username"; } if($num_rows2 == 0) { $checkEmail = true; } else{ $mesg .= "Email"; } if($checkUsrN == false || $checkEmail == false) { echo $mesg; break; }

How is this for your purpose?

Registration page, email address or password there is a check

More articles: