ISSET Php mysql [duplicate]

ISSET Php mysql [duplicate] - php

This question already has answers here:
isset() function is returning true even when item is not set
(4 answers)
Closed 9 years ago.
guys how come whenever i click submit button on my form without any data in the textbox, it's saying echo 'Either your username, or email is already taken!'; . How come it still passes through this despite of the form not having any data? what could be the best explanation?
if(isset($_POST['username']) && isset($_POST['email']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return;
}
}
Please hi'm stuck with this line for 12 hours, i can't seem to move on :(

isset renders true for empty string. it checks the existence of a variable. Here is a detailed explanation.
You should use if (trim($_POST['username']) != "")

if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return;
}
}

You can also try !empty :
If you want to check both username OR email if already exist you also need to check email in select query
if(!empty($_POST['username']) && !empty($_POST['email']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT * FROM users where username='$username' OR email='$email'");
$resultq = mysql_num_rows($extract);
if($resultq > 0)
{
echo 'Either your username, or email is already taken!';
return false;
}
else
{
echo 'Accept';
return true;
}
}

Related

What do I have to do to my code so it will only create the account if the email doesn't already exist in the Database? [duplicate]

This question already has answers here:
How can I do 'insert if not exists' in MySQL?
(11 answers)
Closed 8 years ago.
<?php
$errorMessage = "";
// start the session and register the session variables
session_start("ProtectVariables");
// get the command value (use request since both post and get are used
$firstname = $_POST['firstNameZ'];
$lastname = $_POST['lastNameZ'];
$password = $_POST['passwordZ'];
$email = $_POST['emailZ'];
$sql = "SELECT email FROM account WHERE email='" . $email . "'";
$result = mysql_query($sql,$db);
while ($myrow = mysql_fetch_array($result)) {
if ($email == $myrow['email']) {
$errorMessage = "Account with that email already exists";
} else {
$errorMessage = "Email doesn't match!";
}
}
if ($_POST['submit']) {
$sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
$result_insert = mysql_query($sql_insert,$db);
}
?>
When I fill in the form and hit submit it just inserts into the database even though the emails are the same. I tried putting the if statement with the submit button into the while loop but that didn't work either.

Use mysql_num_rows function to check weather the user already exist on the database or not. Use the code below
<?php
$errorMessage = "";
// start the session and register the session variables
session_start("ProtectVariables");
// get the command value (use request since both post and get are used
$firstname = $_POST['firstNameZ'];
$lastname = $_POST['lastNameZ'];
$password = $_POST['passwordZ'];
$email = $_POST['emailZ'];
$sql = "SELECT email FROM account WHERE email='" . $email . "'";
$result = mysql_query($sql,$db);
if(mysql_num_rows($result)==0){
if ($_POST['submit']) {
$sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
$result_insert = mysql_query($sql_insert,$db);
}
}
else
{
echo "the user with this email address already exist";
}
?>
Hope this helps you

You could change your condition to check whether or not the error message has been filled:
if ($_POST['submit'] && $errorMessage == "Email doesn't match") {
$sql_insert = "INSERT INTO account (firstname,lastname,password,email) VALUES ('$firstname','$lastname','$password','$email')";
$result_insert = mysql_query($sql_insert,$db);
}

php username check on database when user already taken

Hi i have a registration system, and it works well and save to database, I have a problem in checking on the database for the username if already exists. My script on checking database is wrong. Can someone help me on this? Below is my code
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
$res = mysql_query($sql);
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?>
problem is only in the else statement

Change :
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
To:
$sql = "SELECT
members.username
FROM
members
WHERE username = '".mysql_real_escape_string($username)."'";
$users =mysql_query($sql);
if(mysql_num_rows($users )){
$username_exists = "Username is already taken.";
}{
$username = $_POST['username'];
}
Have in mind, you need to escape your user name to avoid SQL injection! And avoid using mysql_ functions!

Before you read on; this is prone to SQL injection, and I'd love to point you to PDO.
Change your SQL statement to treat $username as a string;
SELECT members.username
FROM members
WHERE username = '$username'
Then remove the following line,
mysql_query($sql);
And finally change your if() { } condition to;
if(mysql_num_rows(mysql_query($sql))>0){

I have tried to help you with this code. Pay attention to comments. I have done more then just, answer your question: there are a bit changed logic, added sanitize of $username...
<?php
// at first let's define this variables (just for any case)
$username_error = null;
$username_exists = null;
// get username
$username = $_POST['username'];
// let's check it
if (empty($username)) {
$username_error = "Please Input Username";
// don't know in what context you use this code
// so here you need to return from function or exit
return;
}
// ... and sanitize
$username = filter_var($username, FILTER_SANITIZE_SPECIAL_CHARS); // just for example
// actually, I use active record, so can't suggest 100%-security way
// check lenght
if (mb_strlen($username) < 6 || mb_strlen($username) > 20) {
$username_error = "username must be at least 6 characters.";
// also let's exit or return
return;
}
// and now let's check it in DB
$sql = "SELECT
members.username
FROM
members
WHERE username = '$username'";
// !!! pay attention!!!
$result = mysql_query($sql); // we need append this mysql result to some variable
if (mysql_num_rows($result) > 0) { // and here we check num_rows of that result, not just tring with query!
$username_exists = "Username is already taken.";
// also let's exit or return
return;
}
// if we are in here we have sanitized $username, that's not in use.
// Enjoy!

var qc=document.forms["regform"]["email"].value;
if(qc!='') {
alert('in');
$.ajax({
url: 'search.php',
data: "check_qc=" + qc,
async:false,
success: function(response) {
if(response==1)
{
alert('Already Exists');
return false;
}
}
});
}
Now, in search.php file
$qc = $_GET['check_qc'];
$sel="select * from register where email='".$qc."'";
$res= mysql_query($sel);
$co= mysql_num_rows($res);
// echo $co;
if(count($co)>0)
echo "1";
else
echo "0";

if(mysql_num_rows($sql)>0){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
Although you should be using PDO or something else for sanitization.
Correction:
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}

php username that checks on database "username already taken" [duplicate]

This question already has answers here:
php username check on database when user already taken
(5 answers)
Closed 9 years ago.
Hi i have a registration system, And it works well, my problem is that how will i check the username if already taken based on my database ?? i have this script and it wont work, can someone help me solve this??
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$username = $_POST['username'];
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
$res = mysql_query($sql);
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?
the problem is on the else statement check the database if username is taken.
Please help me out on this , many thanks
i get this error
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\TheSocioNet\stud_reg.php on line 210

Please use below code to fix your problem
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$username = $_POST['username'];
$sql = "SELECT
members.username
FROM
members
WHERE username = '". $username."'";
$res = mysql_query($sql);
if($res && mysql_num_rows($res) > 0){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?

PHP mysql bug query

Hi guys i've been working for straight 12 hours, i can't seem to find fix.
i'm trying to compare user-input to database result for example $username == $result echo "Username is aldready taken, but the problem is it's passing through 2 statements without a break, and if i put a break to exit the loop, it always check for $email == $result2 despite of not entering any email in the field.
if (isset($_POST['username']) or isset($_POST['email'])) {
$extract = mysql_query("
SELECT
`username`, `email`
FROM `users`
WHERE `username`='$username' OR `email`='$email'
");
$resultq = mysql_num_rows($extract);
while ($row = mysql_fetch_array($extract)) {
$result = $row['username'];
$result2 = $row['email'];
echo " " . $result;
echo " " . $result2;
if ($username == $result) {
echo " Username is already Taken!";
// break; //whenever i put break, it always gives me the else if statement echo, despite not entering any email in the field
} //$pass = $_POST['pass'];
else if ($email == $result2) {
echo "Email Address is already used!";
// break;
} else {
}
}
}

Upgrade from mysql to either MySQLi, or PDO.
However;
$extract= mysql_query("SELECT username, email FROM users where username='$username' or email='$email'");
$resultq = mysql_num_rows($extract);
if($resultq > 0) {
echo 'Either your username, or email is already taken!';
return;
}

See sniko for the answer to your initial problem. However, see the following...
You're not defining $username or $email
if ($username == $result ) should be
if ($_POST['username'] == $result )
or you could define $username and $email at the beginning of the conditional.
You should also change this:
isset($_POST['username']) or isset($_POST['email'])
to this:
isset($_POST['username']) && isset($_POST['email'])
because you depend on both in your query.
and as sniko said, switch to mysqli or PDO. mysql_ is deprecated.
full sample:
if(isset($_POST['username']) && isset($_POST['email']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$extract= mysql_query("SELECT username, email FROM users where username='$username' or email='$email'");
$resultq = mysql_num_rows($extract);
if($resultq > 0) {
echo 'Either your username, or email is already taken!';
return;
}
}
Also note, you're not sanitizing the input. You could be hacked with this input. switching to mysqli or pdo and using prepared statements would help this.

What is wrong with this PHP/MySQL code?

if(!empty($username) && !empty($email) && !empty($password) && !empty($confirm_password)){
$username = htmlentities($username);
$username = stripslashes($username);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$username = preg_replace("[^A-Za-z0-9]", "", $username);
$email = htmlentities($email);
$email = stripslashes($email);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$email = preg_replace("[^A-Za-z0-9]", "", $email);
if(strstr($email, "#") && strstr($email, ".")) {
require("$baseURL/scripts/connect.php");
$checkemail = mysql_query("SELECT * FROM users WHERE email='$email'") or die(mysql_error());
$numrows_checkemail = mysql_num_rows($checkemail);
if($numrows_checkemail > 0) {
require("$baseURL/scripts/connect.php");
$checkusername = mysql_query("SELECT * FROM users WHERE username='$username'") or die(mysql_error());
$numrows_checkusername = mysql_num_rows($checkusername);
if($numrows_checkusername > 0) {
if($password == $confirm_password) {
$hashpass = md5(md5($password));
//All set to insert into the db
require("$baseURL/scripts/connect.php");
mysql_query("INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$hashpass')") or die(mysql_error());
$this->noticeMsg = "You have been signed up successfully!";
} else {
$this->errorMsg = "Uh-oh, looks like your passwords do not match!";
}
} else {
$this->errorMsg = "Oops, looks like that username is already in use! Please pick a different username.";
}
} else {
$this->errorMsg = "That email is already in use, please sign up with another email.";
}
} else {
$this->errorMsg = "Please enter a valid email address!";
}
} else {
$this->errorMsg = "Please fill in all the fields!";
}
The error I keep getting is "That email is already in use, please sign up with another email." even though the right file is being "required" and is connected to the database properly. The problem is most likely at the $numrows_checkemail part because when I use if($numrows_checkemail == 0) it works just fine. Why won't the ">" symbol work?
Am I doing something wrong?
Thank you

if($numrows_checkemail > 0) will return true only if $numrows_checkemail is bigger than 0.
You need to check for $numrows_checkemail == 0 or empty($numrows_checkemail)

The > is reversing your logic;
$numrows_checkemail > 0 is true if at least one user with that email already exists in the database (ie if there is more than zero rows in the database with that email)
$numrows_checkemail == 0 is true if no user with that email already exists in the database (ie if there isn't any row in the database with that email)

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

ISSET Php mysql [duplicate] - php

isset renders true for empty string. it checks the existence of a variable. Here is a detailed explanation. You should use if (trim($_POST['username']) != "")

if(isset($_POST['submit'])) { $username = $_POST['username']; $email = $_POST['email']; $extract= mysql_query("SELECT * FROM users where username='$username'"); $resultq = mysql_num_rows($extract); if($resultq > 0) { echo 'Either your username, or email is already taken!'; return; } }

Related

What do I have to do to my code so it will only create the account if the email doesn't already exist in the Database? [duplicate]

php username check on database when user already taken

php username that checks on database "username already taken" [duplicate]

PHP mysql bug query

What is wrong with this PHP/MySQL code?

Categories

Resources