1

I am having issues denying the registration of existing users. please see code below, and further details below that.

<?php
//connect to sql
 $con=mysqli_connect("host","user","pass","db");
  if (mysqli_connect_errno())
   {
   echo "Failed to connect to MySQL: " . mysqli_connect_error();
   }

//pull user id from form input
$uid=$_POST[uid];

//make sure input is not blank
if($uid==""){echo 'Please enter a username.';exit();}

//make sure it is alphanumeric input only
if(!ctype_alnum($uid)){echo 'The username chosen must be alpha-numberic (A-z,0-9),   
without special characters. Please use the back button in your
browser to try again using only alpha-numeric input.';exit();}


//check if user exists
$query=mysqli_query($con, "SELECT * FROM user WHERE uid='$uid'");
if(!$query){die 'query failed to execute';}

if(mysqli_num_rows($query)!=0){echo 'user already exists. Use back button and enter a new username'; exit();
}

//insert record into DB
$sql= "INSERT INTO user (uid, addr, password, passwordlastchanged, email)
 VALUES
 ('$uid', '$_POST[addr]', '$_POST[pwd]','today', '$_POST[email]')";

 if (!mysqli_query($con,$sql))
   {
   die('Error: ' . mysqli_error($con));
   }
 echo "1 record added";

 mysqli_close($con);
 ?>

So when I input through my form it works fine, its just that if I try to register an already existing username, it allows it, when I have setup the query to look for an existing entry and cancel if it finds it (or so i thought...).

can you see what I am doing wrong? again I want it to check for the user name and deny further action if it finds it..

I know this is probably lacking in security, I am unfortunately learning as I go so just getting things to work comes first :) Although security suggestions will be logged and considered at the right time.

I spent an enormous amount of time researching this and I feel like I've tried a lot of various query/ function combos.

Cœur
  • 37,241
  • 25
  • 195
  • 267
BitMonkey14
  • 11
  • 2
  • Your script is vulnerable to SQL injections. Learn [how to prevent them](http://stackoverflow.com/q/60174/53114). – Gumbo Dec 01 '13 at 10:29
  • Thank you, but that doesnt help. If anyone can explain this problem please help. I see a lot of people having issues with it. It seems like php is so all over the place nothing is compatible, any old internet info has outdated proposals. This shouldn't be this difficult, not only is there no definitive explanation as to why its happening this way that's easily accessible , there is 45 different how to fix its that all dont work with new php. anyways its frustrating, I cant imagine this not being an issue that has to be explained and fixed for every website??? has noone made a login system????? – BitMonkey14 Dec 01 '13 at 22:35
  • Well, PHP is aimed to be easy for beginners and you’ll get a working result quite fast when writing a web app in PHP just by using basic functionality. However, this is also to the disadvantage of other aspects such as security. In other, rather general purpose languages such as Ruby or Python require you to use a web framework with lots of abstraction and helpers, which take care of most of these concerns for you. However, PHP doesn’t. And although there are web frameworks for PHP as well, they are hardly used, especially not by those who learn web programming in PHP. – Gumbo Dec 02 '13 at 18:02
  • Ok, thank you for the insight. Why won't anyone address the issue? It sounds like both the people above could've helped out – BitMonkey14 Dec 02 '13 at 21:57

1 Answers1

0

Try

if(mysqli_num_rows($query)>0)

instead of 

 if(mysqli_num_rows($query)!=0)
phlogratos
  • 13,234
  • 1
  • 32
  • 37
CleanX
  • 1,158
  • 3
  • 17
  • 25