$sql="INSERT INTO inregistrare (Nume, Prenume, Localitate, Varsta, Sex, Username, Parola)
VALUES
('$_POST[nume]','$_POST[prenume]','$_POST[localitate]','$_POST[varsta]','$_POST[sex]','$_POST[username]','$_POST[parola]')";
mysql_query($sql,$con);
echo "Felicitari! Ati fost inregistrat! Asteptati 5 secunde sau apasati <a href='conectare.html'>aici</a> pentru a va putea loga.";
mysql_close($con);
I know that it is not in english. Sorry for that. And the html page looks like this:
Now what i want to do is to check if an username is already taken and I don't know how to check if $_POST[username]== with any username from the database.
Please help and thanks!
Last edited by bpat1434; 01-19-2013 at 09:44 AM.
Reason: Removing username and password
First things first being that when you insert into the database, you should either use mysqli and it's prepared statement or use mysql_real_escape_string to help prevent SQL injection attacks.
To see if a username is taken you can do it one of two ways. You can either alter your database to have a unique key on the username column which will result in a failed query when you try to insert a duplicate username; or, you can do a quick SELECT query (similar to the INSERT query you already wrote) which just looks for "WHERE username = '{$username}'".
if (mysql_affected_rows($con) == 1)
{
echo "Felicitari! Ati fost inregistrat! Asteptati 5 secunde sau apasati <a href='conectare.html'>aici</a> pentru a va putea loga.";
}
else
{
echo "Unable to save registration.";
}
}
First things first being that when you insert into the database, you should either use mysqli and it's prepared statement or use mysql_real_escape_string to help prevent SQL injection attacks.
This is very good advice but perhaps the first thing he should probably do is stop using mysql_* and instead use mysqli_*. (see the link in my signature).
Originally Posted by bpat1434
To see if a username is taken you can do it one of two ways. You can either alter your database to have a unique key on the username column which will result in a failed query when you try to insert a duplicate username; or, you can do a quick SELECT query (similar to the INSERT query you already wrote) which just looks for "WHERE username = '{$username}'".
Bpat, can you describe what would happen in PHP if he tried to insert a duplicate username? I expect he'd receive an error. I must admit I have never written any code that would recognize this situation and deal with it properly.
If you try to do an insert with a duplicate value for a field with a unique constraint, the query will fail, and if you check the mysql_errno() function (or whatever the mysqli equivalent is), it will be a 1062 error.
What's nice about this approach is that it effectively eliminates having to worry about race conditions where 2 separate but virtually simultaneous request each check the DB for a duplicate, don't find one, and then whichever one does its insert 2nd gets an error anyway, while also cutting the number of queries in half.
Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be." ~ from Nation, by Terry Pratchett
"But the main reason that any programmer learning any new language thinks the new language is SO much better than the old one is because he’s a better programmer now!" ~ http://www.oreillynet.com/ruby/blog/...ck_to_p_1.html
What's nice about this approach is that it effectively eliminates having to worry about race conditions where 2 separate but virtually simultaneous request each check the DB for a duplicate, don't find one, and then whichever one does its insert 2nd gets an error anyway, while also cutting the number of queries in half.
Reply With Quote
Originally Posted by bpat1434
Bookmarks