[RESOLVED] in_array() not working with variables

Fooglmog

What I'm trying to do is change the usernames in a DB, but provide an error if the new username already exists. It's updating fine, but the check to see if the username already exists doesn't seem to be functioning. Here's the code:

$sql = "SELECT * FROM ".$db_table_prefix."Users";
$users = $db->sql_query($sql);
$errors = array();

while($row = $db->sql_fetchrow($users)) {
$newusername = $_POST[$usernameID];

if (in_array($newusername,$row)){				
$errors[] = "Unable to change ".$row['Username']."'s name because selected username is already in use.";
}

else{
$sql = "UPDATE ".$db_table_prefix."Users SET Username = '".$newusername."', Username_clean = '".sanitize($newusername)."' WHERE User_ID='".$row['User_ID']."'";
$db->sql_query($sql);
}
}

As you can see, the check is being performed by an "in_array" check of array "$row". The interesting thing is that if I replace the variable $newusername simple with the string of one of the names in the DB, it works just fine. But for some reason, when I use a variable there instead it simply ignores the function and doesn't give either a true or a false return. Does the "in_array" function not support variables as the search string? Or have I done something wrong?

Any help would be appreciated.

bradgrafelman

A much, much better way of doing this would be to create a UNIQUE index on the 'username' field and simply perform the UPDATE statement; if it fails with error code 1062 (duplicate data for key), then you know that the username is already in use.

Fooglmog

lol, duh. Problem solved.

I just through in this function:

function usernameExists($username)
{
	global $db,$db_table_prefix;

if(returns_result("SELECT Active FROM ".$db_table_prefix."Users WHERE Username_Clean = '".$db->sql_escape(sanitize($username))."' LIMIT 1") > 0)
	return true;
else
	return false;
}

then changed if (in_array($newusername,$row)) to if (usernameExists($newusername))

It's not quite what you suggested, but it means that I don't have to put a UNIQUE index on username -- something I don't want to do for other reasons.

Thanks a lot mate. That helped.

bradgrafelman

Fooglmog;10945111 wrote:
It's not quite what you suggested, but it means that I don't have to put a UNIQUE index on username -- something I don't want to do for other reasons.

Out of curiosity, would you mind sharing those reasons? Adding the index in the DB would not only keep the constraint-checking internal to the DBMS but it would also help speed up queries that search the table based on a given username.

Fooglmog

Yeah, basically it's because what I'm designing isn't just for me. I stumbled upon a fairly new UMS core a couple months back. It's called usercake. It's literally just a registration script and secure log-in system at it's core, but it's developing a small group of coders who are building modules for it even as the original creator is adding new core features.

There's no admin-back end for it though. And no one's built anything generic. The admin back-ends built so far are specific to one person's project, so have features not everyone would want, and require a good deal of hacking to the core installation files.

I'm designing this in such a way that you don't need to make any changes to the core installation. All you have to do is upload the pages (two of them) and they'll function with the site without any changes.

IOW, I'm designing it to be an idiot-proof installation for others.

bradgrafelman

I see. Still, you could have some type of "install" script alter the users table and add the index if you wanted to go down that route.

Fooglmog

True enough. Still, it's written this way now... and functioning. This was the last thing I had to do.

I'm sure I'll come back to this in a couple weeks to do a rewrite of it. Maybe I'll take your advice then. Thanks for the thoughts.. I'll keep it in mind.