Ajax Database Checking Help

[herghost]

Hope this is the right section as this contains ajax, javascript and php!

 

Basically my problem is this. I have a form and once the username has been entered, an ajax/js function should call a PHP page to check if the username is available. However it does not seem to be working properly as it always displays that the username is available even when it isnt!

 

This is the .php page where the form etc lies:

 

<script language="JavaScript"  src="include/form_valid.js" type="text/javascript"></script>
<script src="include/jquery.js" type="text/javascript" language="javascript"></script>
<script language="javascript">

$(document).ready(function()
{
$("#username").blur(function()
{
	//remove all the class add the messagebox classes and start fading
	$("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow");
	//check the username exists or not from ajax
	$.post("include/user_availability.php",{ username:$(this).val() } ,function(data)
        {
	  if(data=='no') //if username not avaiable
	  {
	  	$("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox
		{ 
		  //add message and change the class of the box and start fading
		  $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1);
		});		
          }
	  else
	  {
	  	$("#msgbox").fadeTo(200,0.1,function()  //start fading the messagebox
		{ 
		  //add message and change the class of the box and start fading
		  $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1);	
		});
	  }

        });

});
});
</script>
<link href="stylesheet.css" rel="stylesheet" type="text/css">
</head>

<?php
session_start();?>
    
    <?php include('include/header.php');?>
    <?php include('include/ajax.js');

?>


<body class="twoColElsLt">
<div id="container">
<div id="leftblock1">
  <h3>Please Enter Your Required Registration Details</h3>
  <h3><br>
    The registration process will take roughly 20 minutes to complete. Once this has been completed you will be taken to your member area which will display your current details and show how many times prospective employers have viewed your details. </h3>
    <p>
     
  </p>
</div>
  <p><br />
  <br />
  <br />
  Registration Step 1 - Personal Details</p>
  <p>You Are <span class="redtext">0%</span> Complete<br />
    <br />
    <br />
    
    
  </p>
  
  <form action="registration_step2.php" name="step1" method="post">
    <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
      <tr>
        <input name="member_id" id="member_id" type="hidden" />
      </tr>
      <tr bgcolor="#FFFFFF">
        <th>First Name* </th>
        <td class="tdback"><input name="firstname" type="text" class="redtext" id="firstname" /></td>
        <td class="tdback"> </td>
      </tr>
      <tr bgcolor="#FFFFFF">
        <th>Last Name* </th>
        <td class="tdback"><input name="lastname" type="text" class="redtext" id="lastname" /></td>
        <td class="tdback"> </td>
      </tr>
      <div >
        <tr>
          <th>User Name*</th>
          <td><input name="username" type="text" id="username" value="" maxlength="15" /></td>
          <td></td>
        </tr>
      </div>
      <tr bgcolor="#FFFFFF">
        <th>Password*</th>
        <td class="tdback"><input name="passwd" type="password" class="redtext" id="passwd" /></td>
        <td class="tdback"> </td>
      </tr>
      <tr bgcolor="#FFFFFF">
        <th>Email Address *</th>
        <td class="tdback"><input name="email" type="text" class="redtext" id="email" /></td>
        <td class="tdback"> </td>
      </tr>
      <tr>
        <td> </td>
        <td class="tdback"><input type="submit" name="Submit" value="Continue Registration" /></td>
        <td class="tdback"> </td>
      </tr>
    </table>

    <p>* = This Field is Required</p><br />
<br />
<br />
    <p><span id="msgbox" style="display:none"></span></p>
       </form>
  <script language="JavaScript" type="text/javascript">
var frmvalidator = new Validator("step1");
frmvalidator.EnableMsgsTogether(); 
frmvalidator.addValidation("firstname","req","Please enter your First Name");


frmvalidator.addValidation("lastname","req", "Please enter your Surname ");



frmvalidator.addValidation("login","req", "Please enter Desired User Name");

frmvalidator.addValidation("passwd","req", "Please enter your Desired Password");
frmvalidator.addValidation("passwd","maxlen=12");



  frmvalidator.addValidation("email","req", "Please enter your Email Address");
frmvalidator.addValidation("email","email");
</script>
     
</div>
</body>

 

The .js file that this particular call refers to is jquery

 

 

and finally the .php it calls is:

 

<?php

$db_host = "localhost"; //Change your hostname
$db_user = "admin"; //Change Your own database userid
$db_pass = "*******"; // Change your own password
$db_name = "cvsite"; // And your database name.
mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
mysql_select_db($db_name);
//this varible contains the array of existing users
$username=$_POST['username'];
$query="SELECT * from `members` where `username`=`$username`"; //Here I check the username
$result=mysql_query($query);
$existing_users=mysql_fetch_array($result);
//value got from the get method
//checking weather user exists or not in $existing_users array
if (in_array($username, $existing_users))
{
//user name is not availble
echo "no";
}
else
{
//user name is available
echo "yes";
}
?>

 

Can anyone see what the fault is?

 

My database is called cvsite, the table called members and the particular coloum in question is called username.

 

Thanks

[Floydian]

$("#username").blur(function()

 

I'm not a jQuery guy, but you should be able to change blur to "change" or perhaps "onchange". Doing that would give the user feedback on the name availability as they type. I know it's more page requests, but is more user friendly than requiring a blur.

 

 

  $.post("include/user_availability.php",{ username:$(this).val() } ,function(data)

 

 

Again, I'm not a jQuery guy, but what seems odd to me, is the data variable that is an argument in your function there may be an xmlhttl response object.

 

if(data=='no') //if username not avaiable

 

Simply comparing it to "no" may not be enough. Perhaps it's data.responseText == 'no'

 

responseText would be where the text response is traditionally stored in an xmlhttp response object.

 

Since an object wouldn't == 'no', that is a likely cause of the script always saying the name is available.

 

In the php script, you have a security voulnerability.

 

$username=$_POST['username'];

 

You need to wrap that post var in a mysql_real_escape_string();

 

If you are using magic quotes, wrap that post in a stripslashes and then the escaping function.

 

And the way you do the query isn't exactly the best.

 

$query="SELECT count(*) from `members` where `username`=`$username`"; //Here I check the username
$result=mysql_query($query);
// I'm going to grab the first array result and store 
// it in $num_matches which will always be a number in this case
list($num_matches)=mysql_fetch_array($result);

// If the number is 1 or more, the username is not available
if ($num_matches)
{
//user name is not availble
echo "no";
}
else
{
//user name is available
echo "yes";
}
?>

 

Good luck!