Open Designs

  1.  
    I am finally making a web tool in PHP and MySQL, and it involves a user registering. In my table I have the "USERNAME" field set to be unique. How can I have it so that when someone registers my script checks the database for that name and, if it exists, generates an error? Would it be something like:

    if(mysql_query(SELCT * FROM my_table WHERE username=" . $_POST['username'] . "))
    echo "This username is already taken";
    • CommentAuthorRob
    • CommentTimeAug 31st 2008
     
    You don't need to do SELECT *, just do SELECT username; selecting everything is a waste.

    You could also do num rows instead of a query so:

    if(mysql_num_rows("SELECT username FROM my_table WHERE username=" . $_POST['username'] . "")) {
    echo "This username is already taken";
    }


    A couple of things to note: you left a double quote off the beginning and end of the query, and there's no need to open the double quotes again at the end if you're not planning on putting anything inside them; just end it at $_POST['username'].
  2.  
    Thanks for the reply, Rob. I'll give your code a go.
    • CommentAuthorconartistdesigns
    • CommentTimeAug 31st 2008 edited by conartistdesigns on the 31st August 2008 at 15:32:44 EDT
     
    I can't say whether or not it's working because I'm getting another error from this part of my page:

    mysql_query("INSERT INTO register
    (name, email, username, password) VALUES($name, $email, $username, $hashpw) ")
    or die(mysql_error());

    I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'McKelvey, someaddress@email.com, connor, 8b97562b11795df7e1df590c578124' at line 2

    What did I do wrong?

    PS: please forgive me, I have very little knowledge of SQL stuff.
  3.  
    Fixed it. I needed single quotes around the variables, sorry.
  4.  
    Rob: I get this error with your corrections:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/connorm/public_html/superscribe/register.php on line 293
    • CommentAuthorfernbap
    • CommentTimeAug 31st 2008
     
    mysql_query("INSERT INTO register
    (name, email, username, password) VALUES($name, $email, $username, $hashpw) ")
    or die(mysql_error());


    You are entering strings, so you should submit them within quotes.
    Also, it's better not to do the query this way. First make a string with the query and then execute it:

    $query="INSERT INTO register (name, email, username, password) VALUES
    ('$name', '$email', '$username', '$hashpw')";
    mysql_query($query) or die(mysql_error());
    • CommentAuthorgreg
    • CommentTimeAug 31st 2008
     
    Posted By: conartistdesigns: I am finally making a web tool in PHP and MySQL, and it involves a user registering. In my table I have the "USERNAME" field set to be unique. How can I have it so that when someone registers my script checks the database for that name and, if it exists, generates an error? Would it be something like:

    if(mysql_query(SELCT * FROM my_table WHERE username=" . $_POST['username'] . "))
    echo "This username is already taken";
    You should read up on security, specifically SQL injection. Passing user input directly into a query is a bad idea.
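    To illustrate greg's point, here is an added example written for this page (not code from the thread or any of its posters): the original check, with $_POST['username'] spliced straight into the SQL text, next to a version that uses PDO prepared statements. It assumes the `register` table from the INSERT above with a UNIQUE index on username, PHP with the pdo_mysql extension, and placeholder connection details; `password_hash` is used in place of the md5 hash discussed in the thread.

```php
<?php
// Added example, not code from the thread. Assumes a PDO connection to the
// `register` table used above (name, email, username, password) with a
// UNIQUE index on username, and PHP with the pdo_mysql extension.

// The pattern from the original post, kept only to show the problem: the
// submitted value becomes part of the SQL text, so input such as
//     x' OR '1'='1
// turns the query into "... WHERE username='x' OR '1'='1'", which matches
// every row and always reports "taken"; in an INSERT or UPDATE the same
// trick changes other rows.
function usernameTakenUnsafe(PDO $db, string $username): bool
{
    $sql = "SELECT username FROM register WHERE username='" . $username . "'";
    return $db->query($sql)->rowCount() > 0;   // do not use
}

// Hardened version: the SQL text is fixed and the value travels separately
// as a bound parameter, so it is never parsed as SQL, whatever it contains.
function usernameTaken(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT 1 FROM register WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// The pre-check only exists for a friendly error message; two registrations
// racing each other can both pass it. The UNIQUE index is the real guard, so
// the INSERT also handles MySQL's duplicate-key error (errno 1062).
function registerUser(PDO $db, string $name, string $email, string $username, string $hash): bool
{
    if (usernameTaken($db, $username)) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO register (name, email, username, password) VALUES (?, ?, ?, ?)'
    );
    try {
        $stmt->execute([$name, $email, $username, $hash]);
        return true;
    } catch (PDOException $e) {
        if (($e->errorInfo[1] ?? null) === 1062) {   // ER_DUP_ENTRY: lost the race
            return false;
        }
        throw $e;
    }
}

// Usage; host, database and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=superscribe;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // needed for the catch above
    PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepares
]);

$ok = registerUser(
    $db,
    $_POST['name'] ?? '',
    $_POST['email'] ?? '',
    $_POST['username'] ?? '',
    password_hash($_POST['password'] ?? '', PASSWORD_DEFAULT)
);
if (!$ok) {
    echo 'This username is already taken';
}
```

    Note that escaping (mysql_real_escape_string, addslashes) only works when every value is quoted correctly in every query; a bound parameter removes that requirement entirely, which is why the hardened version needs no clean() step at all.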
  5.  
    greg, this idea actually came from one of your suggestions on a different post. I will look into that stuff though.
    • CommentAuthorconartistdesigns
    • CommentTimeSep 1st 2008 edited by conartistdesigns on the 01st September 2008 at 12:29:48 EDT
     
    Is this what I need to do to keep my form from being injected?

    function clean($str, $encode_ent = false) {
        $str = @trim($str);
        if($encode_ent) {
            $str = htmlentities($str);
        }
        if(version_compare(phpversion(),'4.3.0') >= 0) {
            if(get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            if(@mysql_ping()) {
                $str = mysql_real_escape_string($str);
            }
            else {
                $str = addslashes($str);
            }
        }
        else {
            if(!get_magic_quotes_gpc()) {
                $str = addslashes($str);
            }
        }
        return $str;
    }

    $name = clean($_POST['name']);
    $email = clean($_POST['email']);
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);
    $confirm = clean($_POST['confirm']);
    $special = clean($_POST['website']);
  6.  
    @conartistdesigns: From what I read, that code should work. You'll be SQL injection safe. As a side note, if you are encrypting a field before submitting (like a password), you don't have to "clean" it.

    Example:

    $password = md5($_POST['password']); //$password is safe for queries
  7.  
    Oh OK. Yeah, I had $password md5'd, so thanks. I had used the above code and didn't get any errors, yet I was still unsure if it would work. Thanks everybody. Now to the login part of my site.
    • CommentAuthorcthelight
    • CommentTimeSep 3rd 2008
     
    use mysql_escape_string($_POST['somthing'])
  8.  
    Posted By: cthelight: use mysql_escape_string($_POST['somthing'])

    The above function does use that (the more recent version)
  9.  
    I'm just about finished with the login part of my tool and now I want it to redirect after it sets a cookie. I don't care about SEO for this part, so anyway, I want to learn how to do unclean URLs. When the user is redirected I want them to be redirected to admin.php?id=whateverthereidis. I have already stored a member id in the database; I just don't know how to do these types of URLs. Could someone show me?
    Thanks
  10.  
    <?php
    header("location: admin.php?id=whateverthereidis");
    ?>

    In your case you don't have to worry about it being SEO friendly because search engines don't fill out forms.
  11.  
    The code I sent in the last post would most likely be considered SEO friendly by most search engines. The following would be a safer but longer version:

    <?php
    header( "HTTP/1.1 301 Moved Permanently" );
    header( "Location: admin.php?id=whateverthereidis" );
    exit();
    ?>
  12.  
    Sorry, I must have said it in an unclear way. I know how to do a redirect but I don't know how to make the unclean URLs such as admin.php?id=whateverthereidis. This is something I would like to learn how to do.
    • CommentAuthorgreg
    • CommentTimeSep 3rd 2008
     
    $page = $_GET['id'];
    if ($page == 'admin') {
    echo 'admin page';
    }
    else if ($page == 'somethingelse') {
    echo 'another page';
    }
    etc
    • CommentAuthorkalyan
    • CommentTimeSep 3rd 2008
     
    Hey con, instead of all that gpc quote thingy use this:
    $_POST = array_map( 'mysql_real_escape_string', $_POST );

    Also, both of these won't work...
    You could also do num rows instead of a query so:

    if(mysql_num_rows("SELECT username FROM my_table WHERE username=" . $_POST['username'] . "")) {
    echo "This username is already taken";
    }

    You have to supply a mysql_query result variable to mysql_num_rows, so it would be
    $result = mysql_query( "SELECT username FROM my_table WHERE username='$_POST[username]'" );
    if( mysql_num_rows($result) )
    echo "This username is already taken";


    Posted By: conartistdesigns: if(mysql_query(SELCT * FROM my_table WHERE username=" . $_POST['username'] . "))
    echo "This username is already taken";

    if( mysql_query("your query") )
    will always be true as long as your query executes correctly; the resulting rows won't matter (it checks the query, not the result).

    if( !mysql_query("query") ) die( mysql_error() ); //query error caught
    It's ideally used to check whether SQL errors occur or whether a successful data insertion/deletion/update occurred.

    Cheers
  13.  
    Thank you all, but I have everything else figured out. The thing I want to know is how to make admin.php?id=number. The only URLs I am familiar with are clean ones such as /idnumber/admin.php.
  14.  
    bump
    • CommentAuthorbakercad
    • CommentTimeSep 5th 2008
     
    when a user logs in are you saving their id number in a session or cookie? If so, you should just be able to grab that

    echo '<a href="admin.php?id='.$_SESSION['userid'].'">Admin</a>';
  15.  
    OK. I'm sorry if I sound frustrated but it seems that no one gets what I'm asking.
    How do I make admin.php?id=1 display the data of the user whose id is 1, as opposed to the user whose id is 2, 3, 4, 5... etc.?
    • CommentAuthordannisbet
    • CommentTimeSep 5th 2008
     
    You can create a string with the $_GET function

    $id = $_GET['id'];
    • CommentAuthorcthelight
    • CommentTimeSep 5th 2008
     
    You would do something like:
    $query = "SELECT * FROM 'users' WHERE 'id' LIKE '".mysql_escape_string($_GET['id'])."';";
    • CommentAuthorbakercad
    • CommentTimeSep 5th 2008
     
    Or...if you save the user's id in a session after they log in, you don't even need the ?id=1 part in the URL. Then the query on the admin.php page as cthelight mentioned (though that one wouldn't work) would look like this:

    $query = "SELECT * FROM users WHERE id = '$_SESSION[userid]'";


    @cthelight: the query you wrote wouldn't work because you need a % symbol when using LIKE, BUT when looking for someone's id you'd want to get an EXACT match. A LIKE search looks for ALL ids "similar to" what you specify depending on where you put the % symbol(s).
    $query = "SELECT * FROM users WHERE id LIKE '%12'";
    would find ANY id ending with 12 (ex. 12, 112, 2512)
    $query = "SELECT * FROM users WHERE id LIKE '%12%'";
    would find ANY id with 12 in it (ex. 12, 112, 2127, 3451254)
    $query = "SELECT * FROM users WHERE id LIKE '12%'";
    would find ANY id beginning with 12 (ex. 12, 1212, 12512, 125675)
    • CommentAuthorMattKern
    • CommentTimeSep 5th 2008
     
    mysql_escape_string($_GET['id'])


    Escaping an int doesn't do anything.

    If you know a number is supposed to be an int, cast it as one.

    $id = (int)$_GET['id'];

    If $_GET[id] is a string, the cast will turn it into a zero.

    Sorry. Probably a little off topic.
  16.  
    Posted By: bakercadwhen a user logs in are you saving their id number in a session or cookie? If so, you should just be able to grab that

    echo '<a href="admin.php?id='.$_SESSION['userid'].'">Admin</a>';

    Yes it is being stored in a cookie
    • CommentAuthorbakercad
    • CommentTimeSep 5th 2008
     
    then you can do a query like this to get that user info on the admin.php page:
    $query = "SELECT * FROM users WHERE id = '$_COOKIE[userid]'";
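    Putting MattKern's integer handling and bakercad's session suggestion together, here is an added example of an admin.php that looks up the logged-in member's row (example code written for this page, not from the thread or its posters). It assumes the login script stored the member's id in $_SESSION['userid'] rather than in a cookie, a `users` table with an integer primary key `id`, PHP with pdo_mysql, and placeholder connection details. The id is taken from the server-side session because both ?id= and a cookie are chosen by the browser, so any visitor could otherwise request id=1 and read another member's row.

```php
<?php
// Added example, not code from the thread. Assumes the login script stored
// the member's id in $_SESSION['userid'] and a PDO connection to a `users`
// table with an integer primary key `id`.
session_start();

// Validate the id as an integer instead of escaping it. A plain (int) cast,
// as noted above, turns non-numeric strings into 0; filter_var reports
// failure instead, so "12abc", "1e3", "" and negative values are rejected.
function validUserId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The authoritative id is the one the server stored at login. An ?id=
// parameter in the URL is allowed only if it matches the logged-in user,
// so admin.php?id=2 cannot show user 2's data to user 1.
function currentUserId(): ?int
{
    $sessionId = validUserId($_SESSION['userid'] ?? null);
    if ($sessionId === null) {
        return null;                                   // not logged in
    }
    if (isset($_GET['id']) && validUserId($_GET['id']) !== $sessionId) {
        return null;                                   // someone else's id in the URL
    }
    return $sessionId;
}

// Exact match on the key, bound as an integer: no LIKE, no string building,
// and no escaping to get wrong.
function loadUser(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name, email, username FROM users WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage; host, database and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=superscribe;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

$id   = currentUserId();
$user = $id === null ? null : loadUser($db, $id);
if ($user === null) {
    header('HTTP/1.1 403 Forbidden');
    exit('Please log in');
}
// Output is HTML-escaped; the database value is untrusted on the way out too.
echo 'Welcome, ' . htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```

    The link suggested earlier, admin.php?id=<?= $_SESSION['userid'] ?>, still works with this page: the parameter is accepted when it matches the session and ignored when it does not, so the "unclean" URL the thread asks about carries no authority of its own.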