-1

I want to check if a user already exists. I made the following code but it is not working. The echo in the checkUser is only to look if it jumps in the if clause.

$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password']; 
$checkUserID = mysql_query("SELECT * 
                            FROM users 
                            WHERE username = '$username'");

if (mysql_num_rows($checkUserID) >= 1) {
    //echo "User id exists already.";
    echo "testststst";
    $user1 = mysql_fetch_array($checkUserId);
    $result = flashMessage("User is already taken, please try another one");
    //print_r($user); // the data returned from the query
}else if(empty($form_errors)){
...formcheck...
}

I hope somebody can help me I don't know what to do.

Tom Tom
  • 3,680
  • 5
  • 35
  • 40
Moritz Kosubek
  • 7
  • 6
  • the only way this would fail would be that your entire code failed. – Funk Forty Niner Jan 27 '17 at 23:29
  • 1
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jan 27 '17 at 23:30
  • you mean the database connection? – Moritz Kosubek Jan 27 '17 at 23:31
  • Well we cannot see that you have made a database connection – RiggsFolly Jan 27 '17 at 23:32

3 Answers3

1

I suggest you tu use PDO library. For your problem the best solution is to have the username in the table as PRIMATY KEY or with a UNIQUE CONSTRAINT. This way, if you try to insert two times the same username, the query will throw an exception (or will return false depending how you set it) and it's easier to do.

ollaw
  • 2,086
  • 1
  • 20
  • 33
0

I can see the following problems with your code--

  1. You haven't made any database connection.

  2. You should check whether the $_POST variables are available or not. That is try to use if(isset) function to check it.

  3. Try using prepared statements as they are more secure.

neophyte
  • 6,540
  • 2
  • 28
  • 43
-1

first of all ur code is vulnerable to sql injections. Wrapped the form data with the function. 

<?php

//function to prevent sql injections
function validateFormData($formData) {
    $formData = trim( stripslashes( htmlspecialchars( strip_tags( str_replace( array( '(', ')' ), '', $formData ) ), ENT_QUOTES ) ) );
    return $formData;
}
$email = validateFormData($_POST['email']);
$username = validateFormData($_POST['username']);
$password = validateFormData($_POST['password']); 
$checkUserID = mysql_query("SELECT * 
                            FROM users 
                            WHERE username = '$username'");

if (mysql_num_rows($checkUserID) >= 1) {
    //echo "User id exists already.";
    echo "testststst";

    while ($row = mysqli_fetch_assoc($checkUserID)){
        //set some variables to save some data
        $usernameD = $row['username'];


    }

            //compare form username with db username{

    if($usernameD === $username){
        echo "Username already taken";
    }else{

        //continue the rest...

    }


}

?>