Php database help
Results 1 to 6 of 6

Thread: Php database help

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Php database help

    Hello! I need to make a sign up page with php and databases. so far i made the connection and the data insert into database:
    PHP Code:
    <?php
    $con 
    mysql_connect("localhost","******","******");
    mysql_select_db("Inregistrare"$con);



    $sql="INSERT INTO inregistrare (Nume, Prenume, Localitate, Varsta, Sex, Username, Parola)
    VALUES
    ('
    $_POST[nume]','$_POST[prenume]','$_POST[localitate]','$_POST[varsta]','$_POST[sex]','$_POST[username]','$_POST[parola]')";
    mysql_query($sql,$con);
    echo 
    "Felicitari! Ati fost inregistrat! Asteptati 5 secunde sau apasati <a href='conectare.html'>aici</a> pentru a va putea loga.";


    mysql_close($con);
    I know that it is not in english. Sorry for that. And the html page looks like this:

    HTML Code:
    <form action="inregistrare.php" method="post">
    <fieldset>
    	<legend>Inregistrare</legend>
    	<table>
    		<tr>
    			<td>Nume</td>
    			<td><input type="text" name="nume"></td>
    		</tr>
    		<tr>
    			<td>Prenume</td>
    			<td><input type="text" name="prenume"></td>
    		</tr>
    		<tr>
    			<td>Localitate</td>
    			<td><input type="text" name="localitate"></td>
    		</tr>
    		<tr>
    			<td>Varsta</td>
    			<td><input type="text" name="varsta"></td>
    		</tr>
    		<tr>
    			<td>Sex</td>
    			
    			<td><input type="text" name="sex"></td>
    		</tr>
    		<tr>
    			<td>Nume utilizator</td>
    			<td><input type="text" name="username"></td>
    		</tr>
    		<tr>
    			<td>Parola</td>
    			<td><input type="password" name="parola"></td>
    		</tr>
    		<tr>
    			<td><input type="submit" name="inregistrare" value="Inregistrare"></td>
    		</tr>
    	</table>
    </fieldset>
    </form>
    Now what i want to do is to check if an username is already taken and I don't know how to check if $_POST[username]== with any username from the database.
    Please help and thanks!
    Last edited by bpat1434; 01-19-2013 at 09:44 AM. Reason: Removing username and password

  2. #2
    NMaOtBG bpat1434's Avatar
    Join Date
    Oct 2004
    Location
    Around 255.255.255.0
    Posts
    7,850
    First things first being that when you insert into the database, you should either use mysqli and it's prepared statement or use mysql_real_escape_string to help prevent SQL injection attacks.

    To see if a username is taken you can do it one of two ways. You can either alter your database to have a unique key on the username column which will result in a failed query when you try to insert a duplicate username; or, you can do a quick SELECT query (similar to the INSERT query you already wrote) which just looks for "WHERE username = '{$username}'".

    One example would be:

    PHP Code:
    <?php
    $con 
    mysql_connect("localhost","******","******");
    mysql_select_db("Inregistrare"$con);

    $isUniqueQuery "SELECT Username FROM inregistrare WHERE username = '%s'";
    $query sprintf($isUniqueQuerymysql_real_escape_string($_POST['Username']));
    $result mysql_query($query);
    if (
    mysql_num_rows($result) > 0)
    {
        echo 
    "That username is already taken.";
    }
    else
    {
        
    $insertQuery "INSERT INTO inregistrare (Nume, Prenume, Localitate, Varsta, Sex, Username, Parola) " .
            
    "VALUES ('%s','%s','%s','%s','%s','%s','%s')";
        
    $query sprintf(
            
    $insertQuery,
            
    mysql_real_escape_string($_POST[nume]),
            
    mysql_real_escape_string($_POST[prenume]),
            
    mysql_real_escape_string($_POST[localitate]),
            
    mysql_real_escape_string($_POST[varsta]),
            
    mysql_real_escape_string($_POST[sex]),
            
    mysql_real_escape_string($_POST[username]),
            
    mysql_real_escape_string($_POST[parola])
        );
        
    $result mysql_query($query);
        
        if (
    mysql_affected_rows($con) == 1)
        {
            echo 
    "Felicitari! Ati fost inregistrat! Asteptati 5 secunde sau apasati <a href='conectare.html'>aici</a> pentru a va putea loga."
        }
        else
        {
            echo 
    "Unable to save registration.";
        }
    }
    Hope that helps.

  3. #3
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,830
    Quote Originally Posted by bpat1434 View Post
    First things first being that when you insert into the database, you should either use mysqli and it's prepared statement or use mysql_real_escape_string to help prevent SQL injection attacks.
    This is very good advice but perhaps the first thing he should probably do is stop using mysql_* and instead use mysqli_*. (see the link in my signature).

    Quote Originally Posted by bpat1434 View Post
    To see if a username is taken you can do it one of two ways. You can either alter your database to have a unique key on the username column which will result in a failed query when you try to insert a duplicate username; or, you can do a quick SELECT query (similar to the INSERT query you already wrote) which just looks for "WHERE username = '{$username}'".
    Bpat, can you describe what would happen in PHP if he tried to insert a duplicate username? I expect he'd receive an error. I must admit I have never written any code that would recognize this situation and deal with it properly.
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  4. #4
    High Energy Magic Dept. NogDog's Avatar
    Join Date
    Aug 2006
    Location
    Ankh-Morpork
    Posts
    13,886
    If you try to do an insert with a duplicate value for a field with a unique constraint, the query will fail, and if you check the mysql_errno() function (or whatever the mysqli equivalent is), it will be a 1062 error.

    What's nice about this approach is that it effectively eliminates having to worry about race conditions where 2 separate but virtually simultaneous request each check the DB for a duplicate, don't find one, and then whichever one does its insert 2nd gets an error anyway, while also cutting the number of queries in half.
    Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett

    "But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because hes a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html


    eBookworm.us

  5. #5
    Senior Member
    Join Date
    Apr 2003
    Location
    Silver Lake
    Posts
    4,830
    Quote Originally Posted by NogDog View Post
    What's nice about this approach is that it effectively eliminates having to worry about race conditions where 2 separate but virtually simultaneous request each check the DB for a duplicate, don't find one, and then whichever one does its insert 2nd gets an error anyway, while also cutting the number of queries in half.
    Ooooh, nice! Thanks for pointing that out.
    IMPORTANT: STOP using the mysql extension. Use mysqli or pdo instead.
    World War One happened 100 years ago. Visit Old Grey Horror for the agony and irony.

  6. #6
    Junior Member
    Join Date
    Jan 2013
    Posts
    12
    Thanks.It was very usefull.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •