nullified Posted May 8, 2008 Share Posted May 8, 2008 hi all, im trying to implement an ajax username check i am close but cant seem to get it to work. there is 3 seperate files so i have uploaded them for ease of tesdting, i hope this is alright, it's just a bit messy to post 3 different pages of code. im pretty sure the problem lies in check.php check.php mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); $query = "SELECT * FROM users WHERE username = "{$_POST['username']}""; $result = mysql_query($query); if(mysql_num_rows($result)>0){ //username already exists echo "yes"; }else{ echo "no"; } [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
nickk Posted May 8, 2008 Share Posted May 8, 2008 $query = "SELECT * FROM users WHERE username = "{$_POST['username']}""; should be $query = "SELECT * FROM users WHERE username = '{$_POST['username']}'"; So ' instead of " Also your script is vulnerable to SQL injection (http://en.wikipedia.org/wiki/SQL_injection) through the username POST variable Quote Link to comment Share on other sites More sharing options...
947740 Posted May 8, 2008 Share Posted May 8, 2008 There are multiple ways to prevent injection. One is $string = strip_tags($string); Another is $string = mysql_real_escape_string($string); The latter is the best way. Also, I am in the habbit of using \" in queries, rather than '. Quote Link to comment Share on other sites More sharing options...
nullified Posted May 8, 2008 Author Share Posted May 8, 2008 thanks for the replies, i now have $query = "SELECT * FROM users WHERE username = '{$_POST['username']}'"; $result = mysql_query($query); if(mysql_num_rows($result)>0){ //username already exists echo "yes"; }else{ echo "no"; } but i still get the error PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in check.php on line 8 any ideas Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 8, 2008 Share Posted May 8, 2008 i suggest that you always check for errors when using mysql_query(): $result = mysql_query($query) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
nullified Posted May 8, 2008 Author Share Posted May 8, 2008 i had previously tried that but because of the nature of the script it just returns no errors in the log and the index.html page just says "Username is available" but it isn't Quote Link to comment Share on other sites More sharing options...
nullified Posted May 8, 2008 Author Share Posted May 8, 2008 ok for some reason i must have accidentally hit the period key when typing so that was my mistake lol i've included the package for anyone down the track that is after this type of thing. Thanks for your help it was greatly appreciated. [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
nullified Posted May 9, 2008 Author Share Posted May 9, 2008 ok now im wondering is this possible to run from a single php page except for the js obviously. Quote Link to comment Share on other sites More sharing options...
nafetski Posted May 9, 2008 Share Posted May 9, 2008 Yeah =) Just do conditional statements depending what you're trying to do. However, you are a little restricted depending on what divs you are populating with data. Sometimes if your'e going for an ajax "feel" it's easier to enclose your entire "content" div and then just fill it (rather than smaller divs to display error strings, etc) Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 could you give me a starting point if possible, just to get me rolling so to speak Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 10, 2008 Share Posted May 10, 2008 Wait, do you want the ajax and PHP in the same script, or just have a PHP script that checks the username? Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 ajax and php or i can run the js in another file but i would like all the other code as php, this is what i have so far but it says query empty obviously because it checks as soon as you load, and im not sure how to change it. mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); echo "<script src=\"jquery.js\" type=\"text/javascript\" language=\"javascript\"></script>\n"; echo "<script language=\"javascript\">\n"; echo "$(document).ready(function()\n"; echo "{\n"; echo " $(\"#username\").blur(function()\n"; echo " {\n"; echo " //remove all the class add the messagebox classes and start fading\n"; echo " $(\"#msgbox\").removeClass().addClass('messagebox').text('Checking...').fadeIn(\"slow\");\n"; echo " //check the username exists or not from ajax\n"; echo " $.post(\"check.php,{ user_name:$(this).val() } ,function(data)\n"; echo " {\n"; echo " if(data=='no') //if username not avaiable\n"; echo " {\n"; echo " $(\"#msgbox\").fadeTo(200,0.1,function() //start fading the messagebox\n"; echo " { \n"; echo " //add message and change the class of the box and start fading\n"; echo " $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1);\n"; echo " }); \n"; echo " }\n"; echo " else\n"; echo " {\n"; echo " $(\"#msgbox\").fadeTo(200,0.1,function() //start fading the messagebox\n"; echo " { \n"; echo " //add message and change the class of the box and start fading\n"; echo " $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); \n"; echo " });\n"; echo " }\n"; echo " \n"; echo " });\n"; echo " \n"; echo " });\n"; echo "});\n"; echo "</script>\n"; echo "<style type=\"text/css\">\n"; echo "body {\n"; echo "font-family:Verdana, Arial, Helvetica, sans-serif;\n"; echo "font-size:11px;\n"; echo "}\n"; echo ".top {\n"; echo "margin-bottom: 15px;\n"; echo "}\n"; echo ".messagebox{\n"; echo " position:absolute;\n"; echo " width:100px;\n"; echo " margin-left:30px;\n"; echo " border:1px solid #c93;\n"; echo " background:#ffc;\n"; echo " padding:3px;\n"; echo "}\n"; echo ".messageboxok{\n"; echo " position:absolute;\n"; echo " width:auto;\n"; echo " margin-left:30px;\n"; echo " border:1px solid #349534;\n"; echo " background:#C9FFCA;\n"; echo " padding:3px;\n"; echo " font-weight:bold;\n"; echo " color:#008000;\n"; echo " \n"; echo "}\n"; echo ".messageboxerror{\n"; echo " position:absolute;\n"; echo " width:auto;\n"; echo " margin-left:30px;\n"; echo " border:1px solid #CC0000;\n"; echo " background:#F7CBCA;\n"; echo " padding:3px;\n"; echo " font-weight:bold;\n"; echo " color:#CC0000;\n"; echo "}\n"; echo "\n"; echo "</style>\n"; if (isset($_POST['username'])) $query = "SELECT * FROM users WHERE username = '{$_POST['username']}'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result)>0){ //username already exists echo "yes"; }else{ echo "no"; } echo "<div align=\"center\">\n"; echo "\n"; echo "<div >\n"; echo " User Name : <input name=\"username\" type=\"text\" id=\"username\" value=\"\" maxlength=\"15\" />\n"; echo " <span id=\"msgbox\" style=\"display:none\"></span>\n"; echo "</div>\n"; echo "\n"; echo "</div>\n"; Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 10, 2008 Share Posted May 10, 2008 Seperate the AJAX and PHP. The way you had it originally is MUCH better than some bad attempt at trying to recreate it in one file (which isn't possible...at least I think). Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 the reason was i was thinking of integrating it into my nuke site if that makes sense lol Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 so if i change the check.php page to a function could i just chage this to reference the function instead of the check.php page? $.post(\"check.php,{ user_name:$(this).val() } ,function(data)\n"; Quote Link to comment Share on other sites More sharing options...
phorcon3 Posted May 10, 2008 Share Posted May 10, 2008 <?php '{$_POST['username']}' ?> what are the curly brackets for neway?.. i thought its just <?php mysql_query("SELECT ... `..` = '$_POST[username]'"); ?> Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 mmmm im lost lol Quote Link to comment Share on other sites More sharing options...
nullified Posted May 10, 2008 Author Share Posted May 10, 2008 ok i found a better way if someone is able to help me convert this function to work with mysql i basically need this function to check against a mysql table instead of a csv file e.g. SELECT * FROM users here is the original function. $username = $_POST['username']; // get the username $username = trim(htmlentities($username)); // strip some crap out of it $file = '/home/js4hire/public_html/gafyd/data.csv'; // Here's the file. Notice the full path. echo check_username($file,$username); // call the check_username function and echo the results. function check_username($file_in,$username){ $username=strtolower($username); $file = file($file_in); foreach ($file as $line_num => $line) { $line = explode(',',$line); $user = trim(str_replace('"','',$line[0])); if($username == strtolower($user)){ return '<span style="color:#f00">Username Unavailable</span>'; } } return '<span style="color:#0c0">Username Available</span>'; } Quote Link to comment Share on other sites More sharing options...
nullified Posted May 11, 2008 Author Share Posted May 11, 2008 ok im close this is what i have so far but it just blinks sort of and no response, can anyone see any major issues or help identify the problem. echo '<script type="text/javascript" src="jquery.js"></script>'; echo "<script type=\"text/javascript\">\n"; echo "\n"; echo "$(document).ready(function() {\n"; echo " $('#usernameLoading').hide();\n"; echo " $('#username').blur(function(){\n"; echo " $('#usernameLoading').show();\n"; echo " $.post(\"ajaxian.php\", {\n"; echo " username: $('#username').val()\n"; echo " }, function(response){\n"; echo " $('#usernameResult').fadeOut();\n"; echo " setTimeout(\"finishAjax('usernameResult', '\"+escape(response)+\"')\", 400);\n"; echo " });\n"; echo " return false;\n"; echo " });\n"; echo "});\n"; echo "\n"; echo "function finishAjax(id, response) {\n"; echo " $('#usernameLoading').hide();\n"; echo " $('#'+id).html(unescape(response));\n"; echo " $('#'+id).fadeIn();\n"; echo "} //finishAjax\n"; echo "</script>\n"; // Open conection to the database mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Function to check if a username exists inside the database function check_user_exist($username) { $username = $_POST['username']; // get the username $username = trim(htmlentities($username)); // strip some crap out of it $username = mysql_escape_string($username); // Make a list of words to postfix on username for suggest //$suggest = array('007', '1', 'theman', 'rocks'); //$suggest = array(); $sql = "SELECT `username` FROM `nuke_users` WHERE `username` = '$username'"; $result = mysql_query($sql); if(mysql_num_rows($result) > 0) { //username already exists echo "<span style=\"color:#f00\">Username Unavailable</span>"; }else{ echo "<span style=\"color:#0c0\">Username Available</span>"; } echo check_user_exist($username); } echo "<fieldset><legend>Registration Form</legend>\n"; echo "<form action=\"ajaxian.php\" method=\"post\">\n"; echo "<p><label for=\"username\">Username:</label> <input type=\"text\" name=\"username\" id=\"username\" />\n"; echo " <span id=\"usernameLoading\"><img src=\"indicator.gif\" alt=\"Ajax Indicator\" /></span>\n"; echo " <span id=\"usernameResult\"></span></p>\n"; echo "<p><label for=\"password\">Password:</label> <input type=\"password\" name=\"password\" id=\"password\"/></p>\n"; echo "<p><input type=\"submit\" name=\"submit\" value=\"Sign Up!\" /></p>\n"; echo "</form>\n"; echo "</fieldset>\n"; Quote Link to comment Share on other sites More sharing options...
DarkWater Posted May 11, 2008 Share Posted May 11, 2008 What's with the 8,500 echo lines? Quote Link to comment Share on other sites More sharing options...
nullified Posted May 11, 2008 Author Share Posted May 11, 2008 What's with the 8,500 echo lines? what's with the no help post Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.