hi again. im not having a very good day, google has let me down... i cant find anything to do this

check the availablilty of a username:

i dont know weather to: send a sql querey like --> search
or to get the colums and preg match and see iff there is a username like it already.

thanks

    i use this function:

    function usernameTaken($username){
      	/* Add slashes if necessary (for query) */
		if(get_magic_quotes_gpc()) {
  			$username = stripslashes($username);
		}
		$username = mysql_real_escape_string($username, $this->connection);

  $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
      $result = mysql_query($q, $this->connection);
      return (mysql_numrows($result) > 0);
   }

    might need to change the db link to whatever you need. returns true if username is taken, false if it isnt

      awesome thanks, ill mark as resolved...

        wait, it isnt working...

        i check at php manual

        and it says somethime you need an

        or die(mysqlerror());

        but i dont know how to implement it if a just add it in it wrecks my code above...

          function usernameTaken($username){
      /* Add slashes if necessary (for query) */
      if(get_magic_quotes_gpc()) {
            $username = stripslashes($username);
      }
      $username = mysql_real_escape_string($username, $this->connection);

  $q = "SELECT username FROM table WHERE username = '$username'";
  $result = mysql_query($q, $this->connection) or die(mysql_error()."<br />Query: $q");
  return (mysql_numrows($result) > 0);
}

          try that and post the errors, if any. also visually inspect the query it prints out to make sure it makes sense.

            ok, this is verry odd

            i tried what you said: and nothing

            and then i tried to just echo $q

            and NOTHING???

            whats happening?

              ok, the echo i added was after return, and i forgot it ends code till }

              BUT i commented that out for time being and the sql querey is good till

              WHERE username = "

              thats it...
              -does it have something to do with gpc
              -or real_escape_string...

                can you paste the whole error message? the query should be echoed too with the code from above.

                  get rid of all instances of $this->connection in the posted code. It looks like jmack copied and pasted the code from one of his libraries, but you're likely not using this within a class. This will cause PHP to throw an error.

                  Also, are you getting a blank screen? If so, be sure you turn on errors by

                  // set the error_reporting level
error_reporting( E_ALL ^ E_NOTICE );
ini_set('display_errors','On');

                  You can get rid of the ^ E_NOTICE if you want even stricter error notices. This will help you with debugging.

                    OK, now we're getting somewhere - firstly, i never put

                    this->connection

                    because i already had

                    $link

                    defined, but with the strictest errors turned on i get these

                    Unknown column 'a' in 'where clause'

                    MY querey is Query: SELECT * FROM free_unconfirmed WHERE username = a

                    and it rewrites the headers to this URL

                    http://www.yeww.dyndns.org/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20PHP_SELF%20in%20%3Cb%3E/var/www/html/register.php%3C/b%3E%20on%20line%20%3Cb%3E39%3C/b%3E%3Cbr%20/%3E

                    this is crazy...

                      you should have 'a' in single quotes. i cant view that site.... need a username and pass to view it. is 'a' your var name or is it the value? oh and you do have a column named username, right?

                        a is the value

                        everything is good, i have tested it -except for the filter... heres my code:\

                        <?php
                        $dbcnx = mysql_connect(localhost, root, "password-removed") or die("some code is mucked up" . mysql_error());

                        mysql_select_db(yewww) or die("some code is mucked up" . mysql_error());

                        $username = mysql_real_escape_string($username, $dbcnx);
                        $username = $_POST['username'];
                        $sql = "SELECT username FROM free_unconfirmed WHERE username = '$username'";
                        $result = mysql_query($sql) or die(mysql_error()."<br />Query: $sql");
                        return (mysql_numrows($result) > 0);

                        ?>

                          I'm a bit confused... your query looks fine (in the code you posted) - it has single quotes around the $username variable (speaking of, your variable declaration doesn't make sense at all: you use [man]mysql_real_escape_string/man on $username which doesn't exist yet, but that doesn't matter because even if the function did output useful data you overwrite it in the next line with the data in $_POST['username]).

                          Are you positive that is the correct code?

                            here is my whole functions.php
                            <?php
                            //Arrays
                            //$error_array = array();
                            //Yeww web hosting's user defined functions
                            $error = 0;
                            $username = $HTTP_POST_VARS['username'];
                            function username_ok($username) {

                             if(preg_match('/^[a-zA-Z0-9][a-zA-Z0-9]{2,20}[a-zA-Z0-9]$/', $username)){
 return true;
 } else {
$error = error + 1;
 //$error_array[]="Your selected username has a bad character";

}

                            //error_reporting( E_ALL );
                            //ini_set('display_errors','On');

                            $dbcnx = mysql_connect(localhost, root, "98@34back") or die("some code is mucked up" . mysql_error());  

mysql_select_db(yewww) or die("some code is mucked up" . mysql_error());


$username = mysql_real_escape_string($_POST['username'], $dbcnx); 


  $sql = "SELECT username FROM free_unconfirmed WHERE username = $username"; 
  $result = mysql_query($sql) or die(mysql_error()); 
  if($result) { echo(ohshit); }
  if(mysql_numrows($result) > 0){
      $error = $error + 1;
	  return ($num_rows > 0); 
    }

if($error == 0){
return true;
} else {
return false;
}

                            }

                            ?>

                            here is what calls the functions

                            <?php
                            require("functions.php");
                            $formatting = "noformat";
                            // $username = "";

                            if (isset($_POST['process'])) {

   $username   = $_POST['username'];

    if (username_ok($username)) {
        //store the data in the database...
        header( "Location: unconfirmed.php");
    }
    $message    = "Please enter a valid username thats not taken.";
    $username   = $_POST['name'];
    $formatting = "errortext";

} ?>

                            the whole prg match part works

                              in the above code, i counted you assigning $username to 4 different $POST vars!:eek: if you take $username as a parameter to username_ok(), dont assign it to a $POST var inside the function. declare it once and pass it as a parameter.

                              inside username_ok(), you tell the function to return multiple times, but return halts execution of the function and returns the value specified. sop if your $username passed the first test, it would never get the the next one the way you have it. you try to return ($numrows > 0), but $numrows is never defined.

                              you need to clean up your code dude.

                                ahhh ok sorry for all this hassle, ok what sould i do - and

                                it starts off all nice and neat, then i try something, then something else then 5 more things, delete half of it and start typing again, and in the end it looks like that.

                                he, sorry...

                                  well keep it simple for now... put each one of the checks into their own separate function. then you could call something like:

                                  if(validUsername($username) && !usernameTaken($username)){
    //username ok to use
}else{
    //username not ok
}

                                  in the function i gave you earlier, it returns true if the username is taken, so thats why i put the !. i assume that the validUsername function would return true if the username was valid similar to your preg_match before.

                                    yep, sorry i didn't reply, i pop 'd open some champagne and went to bed, here is the function file

                                    <?php
                                    $username = $GET['username']; // <- i just usedthat for testing, the real //$username comes from Post when you call username_ok -> register page...

                                    function user_bad_char($username) {
		return !preg_match('/^[a-zA-Z0-9][a-zA-Z0-9]{2,20}[a-zA-Z0-9]$/', $username);
}

function user_taken ($username) {

$dbcnx = mysql_connect(localhost, root, "password-removed-by-mod") or die("some code is mucked up" . mysql_error());  
mysql_select_db(yewww) or die("some code is mucked up" . mysql_error());
$result = mysql_query("SELECT username FROM free_unconfirmed WHERE username=\"" .$username ."\"") or die("error: " . mysql_error());

return mysql_num_rows($result);

}
function username_ok($username) {

if(user_bad_char($username) and user_taken($username) == 1 ){
}
if(user_bad_char($username)){
$error = $error +1;
} 
if(user_taken($username)){
$error = $error +1;
}	
if($error == 0){
return true; 
} else {
return false;
}

                                    }
                                    ?>

                                    and you call it by saying

                                    if(username_ok($_post['username'])) {

                                    echo valid
                                    { else{

                                    not valid

                                    }

                                    the key was the querey needed to be in "'s, because i quereyd mymy sql server directly, and it was giving me s*** so i tried " and it worked, then i escaped the
                                    " s with \" and everything worked fine...\

                                    • does real_escape_string do that for you, i dunno, all i no is i hope i dont get injected becuase that will suck...

                                    Thanks everyone for all ya help

                                    and keep on php ing

                                      Please use the forums PHP BB tags to post PHP code so we can read it easier.

                                      You said you are missing single quotes, and also want to protect yourself against injection, but you're not doing either!

                                      $sql = "SELECT username FROM free_unconfirmed WHERE username = '" . $username . "'";

                                      That takes care of the single quotes, but why did you do away with mysql_real_escape_string()?

                                      Also, you're using $HTTP_POST_VARS and $POST - if $POST is supported by your server, use that.

                                        Write a Reply...