0

So I have a PHP register script on my website, which uses MySQL. I noticed today that somebody has registered with the same username as a staff member. I have tried to do it myself but the if statement stops me, yet somehow they got past it, so I just need to ask: what is the difference between == and === in PHP? I think I read somewhere that if I use === it will make it exact.

    // here we check to see if the username is already in the db
    $sql2 = "SELECT `username` FROM `users` WHERE `username` = '" . $user2 . "'";
    $result2 = mysql_query($sql2) or die(mysql_error());

    if (mysql_num_rows($result2) == 1) {
        echo "A Account Is All Ready Here";
    } else {
        // now we make the account
    }

I know that I should move over to PDO. I think maybe this would fix it:

    // here we check to see if the username is already in the db
    $sql2 = "SELECT `username` FROM `users` WHERE `username` = '" . $user2 . "'";
    $result2 = mysql_query($sql2) or die(mysql_error());

    if (mysql_num_rows($result2) === 1) {
        echo "A Account Is All Ready Here";
    } else {

    }

The problem is that one user registers as abc and then another registers with abc <- with a space after it, and it says the username is not in use, and then when the person logs in with the space after the username it will log them into the normal abc one...

  • possible duplicate of [How do the equality (== double equals) and identity (=== triple equals) comparison operators differ?](http://stackoverflow.com/questions/80646/how-do-the-equality-double-equals-and-identity-triple-equals-comparis) – André Dion Aug 07 '13 at 21:53
  • 1
    If your user input is not properly escaped, this could be a problem! Also, I would use "greater than zero" instead of "equals one": `if (mysql_num_rows($result2)>0)` just in case you have this situation somehow with 2 users having the same name! – Joe T Aug 07 '13 at 21:55
  • OK, so your answer worked, the `if (mysql_num_rows($result2)>0)`. Please post the answer as an answer and I will pick it as the answer. Thank you. – Billy White Aug 07 '13 at 22:01

5 Answers

1

Here is my opinion

  • Even if you don't use PDO, at least use `mysql_real_escape_string($user2)`.
  • Using > is a better solution: `if (mysql_num_rows($result2) > 0)`, because if there are two or more duplicated accounts, your condition will be broken.
  • The best solution is to make the username field in your database UNIQUE.

> The problem is that one user registers as abc and then another registers with abc <- with a space after it, and it says the username is not in use, and then when the person logs in with the space after the username it will log them into the normal abc one...

The solution is to build username validation. You need to specify which character set is allowed for usernames. For example: only letters, numbers, and underscores. If a user registers with an unsupported character, give him an error message.

invisal
  • The problem is that one user registers as abc and then another registers with abc <- with a space after it, and it says the username is not in use, and then when the person logs in with the space after the username it will log them into the normal abc one... – Billy White Aug 07 '13 at 21:58
0

== compares values.

=== compares values and types, so '1' is not 1 as it usually is in PHP.

Also add a UNIQUE constraint on the username column of your database table to avoid duplicates in the database.

Fanda
0

The == operator just checks to see if the left and right values are equal. But the === operator (note the extra “=”) actually checks to see if the left and right values are equal, and also checks to see if they are of the same variable type.

legrandviking
0
  • == is the comparison operator (checks if two variables have equal values)
  • === is the identical comparison operator (checks if two variables have equal values and are of the same type).

It should be > if you are checking the user name results

    if (mysql_num_rows($result2) > 0) {
        echo "A Account Is All Ready Here";
    }

M Khalid Junaid
0

First, the comparison difference (PHP):

`1 == true` (will result in true)

`1 === true` (will result in false)

`==` just checks for an equal value (`1 == true` returns true), while `===` also checks for the type (`1 === true` is false (integer vs boolean)).

Second, your whitespace problem:

If you are using the MySQL `=`, that DOES NOT mean that the values have to be 100% equal.

`SELECT 'abc ' = 'abc'` will return a single field 1, because it is treated as equal. Use the LIKE comparison instead: `SELECT 'abc ' LIKE 'abc'` will return 0.

Reason: `=` does not care about trailing whitespace. LIKE does.

> Per the SQL standard, LIKE performs matching on a per-character basis, thus it can produce results different from the = comparison operator:
>
> In particular, trailing spaces are significant, which is not true for CHAR or VARCHAR comparisons performed with the = operator ...

On a side note: using `=` in SQL along with a certain collation CAN be useful, e.g. when having special chars: `SELECT 'Mass' = 'Maß' COLLATE utf8_unicode_ci` will return true, while `SELECT 'Mass' LIKE 'Maß' COLLATE utf8_unicode_ci` will return false due to different string length.

dognose
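
The defences proposed in invisal's and dognose's answers above (a username whitelist, a bound parameter instead of string concatenation, and a UNIQUE column as the final check), as an added example that is not code from the thread. Assumptions: PDO with the pdo_sqlite driver, where SQLite's RTRIM collation stands in for the trailing-space-insensitive `=` described above; `openDemoDb`, `isValidUsername`, `registerUser` and the 3-20 character policy are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite driver; SQLite's
// RTRIM collation stands in for MySQL's trailing-space-insensitive "=" so the
// demo runs without a server. Function names and the policy are hypothetical.
function openDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE makes the database the final arbiter, even if two requests race.
    $pdo->exec('CREATE TABLE users (username TEXT COLLATE RTRIM NOT NULL UNIQUE)');
    return $pdo;
}

// Whitelist: 3-20 letters, digits or underscore. \A...\z rather than ^...$,
// because $ would also accept a trailing newline.
function isValidUsername(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

function registerUser(PDO $pdo, string $name): string {
    if (!isValidUsername($name)) {
        return 'invalid'; // "abc " is refused outright, not silently trimmed
    }
    try {
        // Bound parameter: the name never becomes part of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO users (username) VALUES (:u)');
        $stmt->execute([':u' => $name]);
        return 'created';
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key).
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return 'taken';
        }
        throw $e;
    }
}

$pdo = openDemoDb();
// Constructed inputs: a name, its space-padded twin, a repeat, a newline variant.
foreach (['abc', 'abc ', 'abc', "abc\n", 'staff_01'] as $candidate) {
    printf("%-10s => %s\n", json_encode($candidate), registerUser($pdo, $candidate));
}
// Check what the constraint alone does when validation is bypassed.
try {
    $pdo->prepare('INSERT INTO users (username) VALUES (?)')->execute(['abc ']);
    echo "padded name inserted\n";
} catch (PDOException $e) {
    echo "padded name rejected by constraint\n";
}
```

On MySQL, whether the UNIQUE index itself treats `abc` and `abc ` as the same value depends on the column collation's pad attribute (PAD SPACE or NO PAD), so keep the whitelist check in front of it.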