I have a registration script written in PDO. When the user registers, the code below is supposed to check if the username already exists in the database.
- If it does, it displays an error.
- If it doesn't, it inserts the inputted data to the database.
The issue is that even if the username exists, it still inserts the inputted data into the database.
Here's my database connection:
$db_username = "username";
$db_password = "password";
$con = new PDO("mysql:host=localhost;dbname=database", $db_username, $db_password);
Here's my registration script:
<?php
if(isset($_POST['submit'])) {
$checkusername = $stmt = $con->prepare("SELECT * FROM users WHERE username=':username'");
$stmt->bindParam(':username', $_POST['username']);
$stmt->execute();
if($checkusername->rowCount() > 0) {
echo "Username already exists.";
}else{
$status = 'Hello there!';
$about = 'Hello!';
$stmt = $con->prepare("INSERT INTO users (username, password, email, status, about) VALUES (:username, :password, :email, :status, :about)");
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', md5($_POST['password']));
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':about', $about);
$stmt->execute();
header('Location: index.php');
}
}
?>
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="email" name="email">
<?php echo $errorusername = !empty($errorusername) ? $errorusername : ''; ?>
<?php echo $errorpassword = !empty($errorpassword) ? $errorpassword : ''; ?>
<?php echo $erroremail = !empty($erroremail) ? $erroremail : ''; ?>
<input type="submit" name="submit">
</form>
