I've looked at the many other posts that were similar to my issue and implemented their solutions (as far as I can tell) as exactly as I could. However, every time I execute this script, the code in the else block is executed (even when the username inputted is one that is already present).
The table name is 'Users' and the column that I am trying to search is 'username'. The input from my form was read into $username
and I verified that it was read in properly using echo . $con
contains the connection to the server.
At some point I also put in echo $query
(nothing was printed) and echo mysql_num_rows($query)
(nothing was printed).
Here's the relevant segment of the code. Would really appreciate some tips.
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
EDIT: Apparently I was supposed to be using mysqli for my server and the way I checked the num_rows for that was by doing $query->num_rows since it was a property of the object. Thanks for all the help!
Try this:
$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")
Don't add $con
to mysql_query()
function.
Disclaimer: using the username
variable in the string passed to mysql_query
, as shown above, is a trivial SQL injection attack vector in so far the username
depends on parameters of the Web request (query string, headers, request body, etc), or otherwise parameters a malicious entity may control.
$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")
Use prepared statements , do not use mysql as it is deprecated.
// check if name is taken already
$stmt = $link->prepare("SELECT username FROM users WHERE username = :username");
$stmt->execute([
'username' => $username
]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (isset($user) && !empty($user)){
// Username already taken
}
TRY THIS ONE
mysql_connect('localhost','dbuser','dbpass');
$query = "SELECT username FROM Users WHERE username='".$username."'";
mysql_select_db('dbname');
$result=mysql_query($query);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
Everything is fine, just one mistake is there. Change this:
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
$query = mysql_query("SELECT Count(*) FROM Users WHERE username=$username, $con");
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
SELECT *
will not work, use with SELECT COUNT(*)
.
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$pass = $_POST["password"];
$check_email = mysqli_query($conn, "SELECT Email FROM crud where Email = '$email' ");
if(mysqli_num_rows($check_email) > 0){
echo('Email Already exists');
}
else{
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$result = mysqli_query($conn, "INSERT INTO crud (Firstname, Lastname, Email, Password) VALUES ('$firstname', '$lastname', '$email', '$pass')");
}
echo('Record Entered Successfully');
}
Here's one that i wrote:
$error = false;
$sql= "SELECT username FROM users WHERE username = '$username'";
$checkSQL = mysqli_query($db, $checkSQL);
if(mysqli_num_rows($checkSQL) != 0) {
$error = true;
echo '<span class="error">Username taken.</span>';
}
Works like a charm!
Change this
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
To
$query = mysql_query("SELECT username FROM Users WHERE username='$username'");
PHP 7改进了查询.........
$sql = mysqli_query($conn, "SELECT * from users WHERE user_uid = '$uid'"); if (mysqli_num_rows($sql) > 0) { echo 'Username taken.'; }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.