I want to check if the username of email already exists in the DB when a user signs up to my website.
I have the following code which isn't working and i'm not sure why. If anyone could point me in the right direction to validate against already existing info in the DB I would greatly appreciate it! Thanks
$query = mysql_query("
SELECT *
FROM users
WHERE username = '". $username ."'
OR email = '". $email ."'"
);
if (mysql_num_rows($query) > 0){
die ('Username or email already in use.');
}
This can be done by changing the username field as a primary key or unique.
Or run the sql
SELECT username FROM table WHERE username='$php_username_var';
Please look at the following code, this is being used on the sign up page of my site, I hope you get your answer.
$sq="SELECT * FROM users WHERE username='$username' and password='$password'";
$rsult=mysql_query($sq); $count=mysql_num_rows ($rsult);
if($count==1){echo "username already in use"; }
else
{
$sql="INSERT INTO $tbl_name(username, password, sex, place)
VALUES('$username', '$password', '$sex', '$place')"; }
$result=mysql_query($sql); if($result)
{header("location:home.php"); }
else
{ echo "Error, please go back and sign up again! "; } ?>
Related
This is my code.
<?php
require "conn.php";
$user_name = "un";
$user_pass="123";
$mysql_qry ="select * from user where username like '$user_name' and main_password '$user_pass';";
$result = mysql_query($mysql_qry, $conn);
if(mysql_num_rows($result)>0){
echo "Login Success!";
}else{
echo "Invalid Username or Password!";
}
?>
Error message is attached herewith.
enter image description here
Please check your $result if it returns false and check your query error.
$result=mysql_query($sql);
if ($result==false)
{
die(mysql_error());
}
else
{
echo "Login Access";
}
Please check if you are able to connect to database or not (database name, username and password to connect to database is correct or not)
Check if table name user exists
Do share contents of conn.php if you are unable to resolve the issue
On a separate note
please use mysqli instead of mysql as it is deprecated
modify your query to: $mysql_qry ="select * from user where username = '$user_name' and main_password '$user_pass';"; . like is a very expensive operation
I think something wrong with your MySQL query function,
try using
$result = mysqli_query($conn, $mysql_qry);
or
$result = mysql_query($mysql_qry);
instead of
$result = mysql_query($mysql_qry, $conn);
I am wondering how this point missed.. there is an error in your sql query. There is = or like operator missing after main_password. I would not recommend to check password in your query, you should fetch record with username and check password in if condition.
$mysql_qry ="select * from user where username like '$user_name' and main_password = '$user_pass'";
Hope this helps​.
So I have an SQL database that has a table for accounts and info, and another one for storing comments on articles. I Have a form for submitting comments and it works just fine, but I wanted to implement a feature to prevent spam and non registered accounts. I was trying to find a way to make the following code work so that it would call upon my account table and check to see if the username section matches what was entered in the form.
I want it to check through my username column on the table to see if what was entered in the box is actually in the database as well, that way if it hasn't been registered it won't submit.
My problem I keep running into is that I try this
<?
if ($_POST['Uname']==`username`){
$strSQL="INSERT INTO `comments`
(`name`,`comment`,`date`,`#`) VALUES
('".$_POST['Uname']."','".$_POST['Comment']."',
'".$_POST['Date']."','".$_POST['#']."')";
}
else{
echo "Username invalid";
}
}
?>
But when I do this it thinks that "username" is what the username needs to be in order to submit properly.
I do not want every username to need to be "username" in order for them to submit, I just want it to check through my username column to see if what was entered is one of the registered usernames in the SQL column.
Im not sure if this is possible, or if I am making any sense, but this is my first post on this site and I would appreciate any help I could get.
Full code is below
<?
if ($_POST['Enter']=='Enter'){
$con = mysql_connect
("sql***.*******.com","*****","*******");
$db_selected = mysql_select_db("*********",$con); //My login
$test2=$_GET['ID']; //Ignore
$_POST['#']=$test2; //Ignore
$sql="Select * from `Articles` and `Accounts`"; //For pulling data
mysql_query($strSQL,$con);
if ( ? == ? ){ //What should go here?
$strSQL="INSERT INTO `comments`
(`name`,`comment`,`date`,`#`) VALUES
('".$_POST['Uname']."','".$_POST['Comment']."',
'".$_POST['Date']."','".$_POST['#']."')";
}
else{
echo "Username invalid";
}
}
?>
Edit
So after making the changes needed, should my previous code end up like this?
<?
if ($_POST['Enter']=='Enter'){
$con = mysql_connect
("*******","********","*****");
$db_selected = mysql_select_db("*****",$con);
$test2=$_GET['ID'];
$_POST['#']=$test2;
$username = $_POST['Uname'];
$sql = "Select `id` from `Accounts` where `username` = $username";
mysqli_num_rows($sql,$result);
$row_cnt = mysqli_num_rows($result);
printf("Result set has %d rows.\n", $row_cnt);
echo $result;
if ($row_cnt!=''){
$strSQL="INSERT INTO `comments`
(`name`,`comment`,`date`,`#`) VALUES ('".$_POST['Uname']."',
'".$_POST['Comment']."',
'".$_POST['Date']."',
'".$_POST['#']."')";
}
else{
echo "Username invalid";
}
}
?>
Obviously what you doing is not correct, as of now you are putting condition as :
if ($_POST['Uname']==`username`)
which means you saying any user who's name is 'username' should be able to comment, but what you want to achieve is, any user who is valid user and is exist in db should be able to comment. So for that you should write a select sql to check the user, :
$username = $_POST['Uname'];
$sql = "select id from yourusertable where username = $username";
then,
perform
mysqli_num_rows
to check if you get anything greater than zero. If yes, then allow to submit comments.
Simply apply the check that only loggedIn user can comment. So if the user will not exist in users table it will not be loggedIn nor can comment.
I am a beginner in PHP & MySQL, I am trying to create this register form for a project I am working on currently, here is the PHP script, btw.. If there is a lot of mistakes, it is because I have just started!
The problem I am having is that it does not check the database if the email or username match, because if it did, it should reject.
PHP code:
<?php
//register php
error_reporting(0);
$regUsername = $_POST['reg-username'];
$regEmail = $_POST['reg-email'];
$regPassword = $_POST['reg-password'];
if(isset($regUsername) && isset($regEmail) && isset($regPassword)){
$connect = mysql_connect('localhost', 'root', '');
$selectDB = mysql_select_db('supermazad');
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
$checkIfSame = mysql_query("SELECT * FROM users WHERE username AND email LIKE '$query' ");
echo '<h1 class="successMessage">You have successfully registered!</h1>';
}
if($regUsername || $regEmail == $checkIfSame){
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
}
?>
You are trying to check if the username and email already exist in the database after inserting the username and email into the database. You should check beforehand either via a select with the username and email provided in the registraton, or by placing a unique key constraint on username and email fields.
Please use mysqli instead of mysql because it's safer
remove error_reporting(0)
don't use "like" because it might have many result
syntax error on the mysql query
try this one just debug if there are error but I think this works
$regUsername = $_POST['reg-username'];
$regEmail = $_POST['reg-email'];
$regPassword = $_POST['reg-password'];
if(isset($regUsername) && isset($regEmail) && isset($regPassword)){
$mysqli = mysqli_connect("localhost","root","","supermazad") or die("Error " . mysqli_error($mysqli));
$queryInsert = "INSERT INTO users (username, email, password)
VALUES
('$regUsername', '$regEmail', '$regPassword')";
mysqli_query($mysqli, $queryInsert); //this will insert the data from db
$queryUser = "SELECT username,email FROM users WHERE username = '$regUsername' AND email = '$regEmail'"; // this will authenticate and uses an exact match
$result = $mysqli->query($queryUser);
$row = mysqli_fetch_array($result);
echo '<h1 class="successMessage">You have successfully registered!</h1>';
}
if($regUsername == $row['username'] && $regEmail == $row['email']){ //this check if email and username are match with database $row['username'] store username from mysql field and $row['email'] do the same
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
}
by the way this is normal for a beginner but please improve your coding in the near future, make it cleaner and organize
I think you should do it like this after $selectDB = mysql_select_db('supermazad');:
$checkIfSame = mysql_query("SELECT * FROM users WHERE username LIKE '".$regUsername."' OR email LIKE '".$regEmail."' ");
if (mysql_num_rows($checkIfSame ) > 0) {
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
} else {
//insert new user here
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
}
Also, you have this in your post :
if the email or username match
so you should be using OR, not AND
Try this:
$checkIfSame = mysql_query("SELECT * FROM users WHERE username LIKE '".$regUsername."' OR email LIKE '".$regEmail."' ");
if (mysql_num_rows($checkIfSame ) > 0) {
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
} else {
//insert new user here
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
}
I'm trying to get users email addresses when they log in so I can they can be entered into my database and given a unique ID. I've managed to retrieve user display names and store them in the database using this code however its not working with the email address.
session_start();
if(property_exists($profile->profile,'displayName')){
$_SESSION['username'] = $profile->profile->displayName;
$_SESSION['email'] = $profile->profile->email;
$_SESSION['logged']="logged";
$username = $_SESSION['username'];
$email = $_SESSION['email'];
require_once("db_connect.php");
$query="SELECT email FROM users WHERE email = '$email'";
mysqli_select_db($db_server, $db_database);
$result=mysqli_query($db_server, $query);
if($result != $email){
$query = "INSERT INTO users (username, email) VALUES ('$username', '$email')";
mysqli_query($db_server, $query) or
die("Insert failed. ". mysqli_error($db_server));
}else{
echo "Login error.";
}
mysqli_free_result($result);
require_once("db_close.php");
header('location:home.php');
}else{
$_SESSION['username'] = '(Anonymous)';
$_SESSION['logged']="logged";
header('location:home.php');
}
Thanks for your help.
It sounds like it has to do with what information the providers share by default. I believe these steps should fix it:
Log in to https://dashboard.janrain.com/
Select your Engage application
In the "Providers" box, hover over the one that you are trying to authenticate with
Click the small wrench icon that appears after you've hovered over the provider
Make sure that the "Ask" box is checked next to "email"
Let me know if that works out for you!
I have set my database fields "username" and "email" to unquie, when using the code below this only works if the "username" already exists, an error is then echoed. If they email exists the user gets a mysql duplicate error, when the same error as above should be shown.
<?php
require_once ( 'connection.php' );
$username=$_POST['username'];
$password=md5($_POST['password']);
$email=($_POST['email']);
$ip=$_SERVER['REMOTE_ADDR'];
session_start();
$query = "INSERT INTO users (username, password, email, rank, ip, active) VALUES ('$username','$password', '$email', '1', '$ip', '0')";
$sql = "SELECT username AND email FROM users WHERE username = '$username' AND email = '$email'" ;
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ( $count== 0 )
{
if (!mysql_query($query))
{
die('Error: ' . mysql_error());
}
echo "You are signed up, please follow the link on your email to active your account.";
}
else
{
echo "Username or Email already exists"."<br>Try Again</br>";
}
?
Thanks
Try switching
WHERE username = '$username' AND email = '$email'"
to
WHERE username = '$username' OR email = '$email'"
Edit: I'm trying to guess what you're trying to do here. From your description, it seems you want either the username or the email to be unique and you have two separate unique indexes on those columns. Your code checks for the combination of username and email to be unique.
Edit 2: Also, I think you might want to look into the concepts of SQL Injection and Concurrency.
Switch to an OR clause in your WHERE statement instead of AND.
Also, DO NOT use the values given in $_POST (or $_GET and $_REQUEST for that matter) without making sure they are safe. What would happen if I sent a username with SQL in it?
','','','','',''); DELETE FROM users;
Make sure you using add_slashes() or a similar process to clean the data before sending to the database.