0

I have a registeration form with the if statement:

$query = "SELECT `username` FROM `users` WHERE `username`='$username'";
$query_run = mysql_query($query);

if (mysql_num_rows($query_run)==1) 
{
    echo "Username already exist.";
}

The thing i want to do is checking also the "email" and "nickname" if they exist in database. How can i do that?

Ozan Kurt
  • 3,731
  • 4
  • 18
  • 32

6 Answers6

1

Try this,

SELECT `username`, `email`, `nickname`
FROM `users`
WHERE (`username` = '$username' OR
       `email` = '$username' OR
       `nickname` = '$username' )
Tony
  • 9,672
  • 3
  • 47
  • 75
Krish R
  • 22,583
  • 7
  • 50
  • 59
1

You should not use plain mysql_query

To quote php.net

Warning This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_query() PDO::query()

Try using PDO or mysqli. This is essential to prevent mysql injections.

http://php.net/manual/en/pdo.prepared-statements.php

Here is an example for how to do this with PDO

$config['db'] = array(
    'host'          => 'localhost',
    'username'      => 'username',
    'password'      => 'password',
    'dbname'        => 'dbname'
    );



$db = new PDO("mysql:host={$config['db']['host']};dbname={$config['db']['dbname']}",
              $config['db']['username'], $config['db']['password']);


$sql = "SELECT * FROM `users`";
$stmt = $db->prepare($sql);
$stmt->execute();

$users = $stmt->fetchAll()

$username = 'Bob';
$email = 'bob@gmail.com';
$nickname = 'BobTheMan';

foreach($users as $user)
{
    if($user['username'] == $username)
    {
        // there is a user by this username
    }
    if($user['email'] == $email)
    {
        // there is a user by this email
    }
    if($user['nickname'] == $nickname)
    {
        // there is a user by this nickname
    }
}
Dharman
  • 30,962
  • 25
  • 85
  • 135
oBo
  • 992
  • 2
  • 13
  • 28
0

  1. Use prepared statements. And mysql_* has been deprecated

  2. SELECT * instead of SELECT 'username' vill return you whole row and you can check all fields

rinchik
  • 2,642
  • 8
  • 29
  • 46
  • Why * instead of just `username`, he/she just want to know whether user already exists or not – Bhavik Shah Feb 27 '14 at 15:29
  • oh... after reading i thought that he wants to know if those fiedls are populated not that he wants to check username against those fields ) – rinchik Feb 27 '14 at 15:34
  • Bhavik Shah, he also want to know how to check if "email" and "nickname" exists in the database, and if he just grabs username, then email, then nickname he'll run 3 queries to the DB instead of grabbing all columns and then looping through them with PHP (with 1 querie) – oBo Feb 27 '14 at 15:52
0
$result = $conn->query($sql);
if ($result->num_rows > 0) {
  print_r($result);
} else {
  echo "0 results";
}
h3t1
  • 1,126
  • 2
  • 18
  • 29
Fazool Mohamed
  • 1
  • 1
-1
// sql injection friendly code! *here*
$query = "SELECT `username` FROM `users`
    WHERE '$username' IN (`username`, `email`, `nickname`) LIMIT 1;";
$query_run = mysql_query($query);
if (mysql_num_rows($query_run) == 1){
    echo "Username already exist.";
}

I assume values are unique in users as you do == 1. Otherwise change == 1 to > 0 and remove LIMIT 1.

CodeAngry
  • 12,760
  • 3
  • 50
  • 57
-1

Expanding what Nouphal said. 

$query = "SELECT `username` FROM `users` WHERE `username'=$username OR 'email' = $email";
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
General_Twyckenham
  • 2,161
  • 2
  • 21
  • 36