PHP - MySQL I always got username exists, but why?

Question

I tried echo($numrows);

numrows is equal to 0. then why i got this error : username exists?

I went trough it all many times, but I can't find what is the problem..

<?php

function generateRandomString($length = 6) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}

//innen regiszt:
$username = strip_tags($_POST['username']);
$email1 = strip_tags($_POST['email1']);
$email2 = strip_tags($_POST['email2']);
$pw1 = strip_tags($_POST['pw1']);
$pw2 = strip_tags($_POST['pw2']);

if($username&&$email1&&$email2&&$pw1&&$pw2)
    {
     if ($email1==$email2)
         {
             if ($pw1==$pw2)
             {               
                 if (5<strlen($pw1)&&20>=strlen($pw1))
                 {
                    if (5<strlen($pw1)&&20>=strlen($pw1)) 
                    {                       
                    $connect = mysql_connect('HOST','UNAME','PW');
                    $database = mysql_select_db('virtualtc',$connect);  
                    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
                    $querymail = mysql_query("SELECT * FROM users WHERE email='$email1'");
                    $numrowsmail = mysql_num_rows($querymail);
                    $numrows = mysql_num_rows($query);
                       if ($numrows=0)
                       {
                            if ($querymail=0)  
                            {
                                $md5pass= md5($pw1);
                                $date=date("Y-m-d");
                                $query3 = mysql_query(
                                    "INSERT INTO users VALUES '','$username','$md5pass','$email1', 0 ,'$date'");
                                include("registration_complete.php");//regist

                            }else include("/errors/email_exists.html");//email exists
                       }else include("/errors/user_exists.html")//user exists                   
                    }else include("/errors/uname_length.html");//username length 6-20!                   
                 }else include("/errors/pass_length.html"); //password length 6-20!              
             } else include("/errors/different_pw.html");//different password
         } else include("/errors/different_email.html");//different email
    } else include("/errors/empty_regist.html");//empty field


?>

if ($numrows=0) should be if ($numrows==0) -- you are setting $numrows to 0 which will always be true, instead of testing if it is 0. — DragonYen, Aug 04 '15 at 12:54
@DragonYen Small typo in your comment `if($numrows = 0)` will always be false. — Jim, Aug 04 '15 at 12:55
If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Aug 04 '15 at 12:59
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Aug 04 '15 at 13:00
You really shouldn't use MD5 password hashes and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. — Jay Blanchard, Aug 04 '15 at 13:01
@ all answers given below (so far).- You missed so many syntax errors, it's not funny. *Ain't it Sam?* @JayBlanchard — Funk Forty Niner, Aug 04 '15 at 13:08
*Nope, Ralph.* Points should be awarded for completeness @Fred-ii- — Jay Blanchard, Aug 04 '15 at 13:11
*I agree totally with you Sam* - @JayBlanchard how many times we get shot down for answers like that. Just because we're higher repped, doesn't mean that lower reps shouldn't be treated the same way. *"What's good for the goose, is good enough for the gander"*, as the saying goes ;-) — Funk Forty Niner, Aug 04 '15 at 13:13
*We're being ignored Sam* - @JayBlanchard and an answer accepted? lol — Funk Forty Niner, Aug 04 '15 at 13:20
*They'll be back Ralph. They always come back.* heh @Fred-ii- — Jay Blanchard, Aug 04 '15 at 13:22
@Jim - eep, thanks. I can't edit it (been too long I suppose). I could delete it, but then your comment would be out of place. — DragonYen, Aug 04 '15 at 14:22

score 1 · Answer 1 · answered Aug 04 '15 at 12:56

You wrote if($numrows=0) which will change $numrows to 0 and then check the value. 0 in php equals false so thats why the else block is executed.

Sidenote: Please for the love of readability, stop writing arrow code. You could write a function to check if a username is taken or not...

Przemysław Jan Wróbel · Answer 2 · 2015-08-04T13:59:11.933

1

Because you are assigning, not comparing

if ($numrows=0)

should be

if ($numrows==0)

Same applies to other condition statements.

Well, I don't see your schema, but I would do:

mysql_query("INSERT INTO users VALUES (NULL,'$username','$md5pass','$email1', 0 ,'$date')");

assuming you first column is AI.

Also, don't forget to prepare your data before you pass it database, for example with addslashes at least.

edited Aug 04 '15 at 13:59

answered Aug 04 '15 at 12:57

Przemysław Jan Wróbel

284
2
8

True, there's more than one as you mention. If you want to answer this one fully, take a look at what's inside `$query3 = mysql_query(...` ;-) nobody caught that major syntax error. – Funk Forty Niner Aug 04 '15 at 13:28
Well, I don't see your schema, but I would do: `mysql_query("INSERT INTO users VALUES (NULL,'$username','$md5pass','$email1', 0 ,'$date')")` Assuming you first column is AI. Also, don't forget to prepare your data before you pass it database, for example with `addslashes` at least. – Przemysław Jan Wróbel Aug 04 '15 at 13:36
I am not the OP here. Look at the names ;-) – Funk Forty Niner Aug 04 '15 at 13:37
you should also place that in your answer and not in comments, should someone flag that comment containing code and it gets deleted. – Funk Forty Niner Aug 04 '15 at 13:43

score 0 · Accepted Answer · answered Aug 04 '15 at 12:54

0

Using only one = will set $numrows to 0, not checking if $numrows IS 0

if($numrows == 0)

answered Aug 04 '15 at 12:54

vonUbisch

1,384
17
32

how does this answer the question? you've missed quite a bit here. – Funk Forty Niner Aug 04 '15 at 13:20

score 0 · Answer 4 · answered Aug 04 '15 at 12:54

0

Change

if ($numrows=0)

to

 if ($numrows==0)

= means assignment

and

== means comparison

For reference see here

answered Aug 04 '15 at 12:54

Meenesh Jain

2,532
2
19
29

PHP - MySQL I always got username exists, but why?

4 Answers4