注册页面，电子邮件或密码是否存在

Question

I've written a registration page in PHP using prepared statements. My question is a fairly simple one. When a user registers I want to make sure that they aren't registering under the same username or email as another person. Therefore as part of my verification procedure I run two queries, one to check if the email exists and one to check if the username exists. My question is, is there a better method? I feel that running more that one query could somehow sacrifice some performance. Will performance even be noticably affected by such a query? I realise that I could run "SELECT * FROM table WHERE username = ? or email = ?", but I would like the user to know what they got wrong rather than just a generic "Either your username or email is currently being used, feel free to use trial and error to find which it is". It's probably me just being paranoid about speed, but I was just interested to see what everyone else's opinion on the matter is.

Answer 1

Run your query with OR and check the returned results to report what exactly you've found.

However, depending on database internals and indexing, two separate queries might be even faster than OR'ed together. You'd better benchmark all cases (found one, found both, found none) for definite answer about your environment.

Answer 2

In database where you are keeping user's information make the username and email entity unique. Like primary key.

Answer 3

Your query is good; You will have 1 or 2 result; 2 if a registration exists with only the email or only the nickname; 1 if a registration has the email and nickname; use JS and specify the reasons on the right of the input fields

Answer 4

Well, I suppose that would be the simplest way:

SELECT IF(username = :username_to_check, 1, 0) AS dup_username
  FROM users
 WHERE username = :username_to_check OR email = :email_to_check

Then you check: 1) the number of rows - if it's 0, no duplicates were found; 2) the dup_username flag of your result, if rows count > 0.

Here's an example to play with.

Answer 5

I dont think its bad for performance

if you have select query that is getting one row from table; of lets say thousands rows ; then the impact is not to be mentioned at all..

What effect your performance is join queries which needs a lot of resources which isn't happening at your case ...

I believe its safe to use it separately, we've been doing it on our website which currently have over one million users

also try to run this query in your mysql server and see how long it takes this can help (especially for more complicated queries )

Answer 6

    $result = mysql_query("SELECT * FROM table1 WHERE Username = ''", $link);
    $num_rows = mysql_num_rows($result);

    $result2 = mysql_query("SELECT * FROM table1 WHERE Email= ''", $link);
    $num_rows2 = mysql_num_rows($result2);

    $checkUsrN = false;
    $checkEmail = false;
    $mesg = "The following is bad: ";

    if($num_rows == 0)
    {
       $checkUsrN = true;         
    }
    else{
        $mesg .= "Username";
    }

    if($num_rows2 == 0)
    {
       $checkEmail = true;
    }
    else{
        $mesg .= "Email";
    }

    if($checkUsrN == false || $checkEmail == false)
    {
       echo $mesg;
       break;
    }

How is that for your purpose?