Unique username

[slj90]

How would I make it so that a user can't register a username that is already in use?

 

Here is my registration action code..

 

<?php
  //Include the connection details, open $connection and select database
include ("connection.php");

// Initialise a string to report back any errors 
$errorString = ""; 


   
$newFirstname = $_POST['txtFirst'];
$newSurname = $_POST['txtSurname'];
$newUsername = $_POST['txtUser'];
$newEmail = $_POST['txtEmail'];
$newPassword = $_POST['txtPassword'];
$newAddress = $_POST['txtAddress'];
$newPostCode = $_POST['txtPostCode'];
$newCity = $_POST['txtCity'];
$newCountry = $_POST['txtCountry'];

if (empty($newFirstname))  
$errorString = $errorString."<br>Please supply First name."; 
   
$query = "INSERT INTO Customer (Firstname, Surname, Username, Email, Password, Address, PostCode, City, Country, SDate) VALUES ('$newFirstname', '$newSurname', '$newUsername', '$newEmail', '$newPassword', '$newAddress', '$newPostCode', '$newCity', '$newCountry', CURRENT_DATE)"; 

// (4) Run query through connection
$result = mysql_query($query);

// (5) print message with ID of inserted record    
header("Location: userreceiptpage.php?"."CustomerID=". mysql_insert_id($connection));   
        
// (6) close connection 
    mysql_close($connection);     

?> 

 

 

I am also trying to make it so it brings up the error message if a field was empy, but have only put the first name one in as an example. It doesn't work.

 

 

Thank you for all your help today!

[Buddski]

First thing you can do is create the validation

something like this is always good..

 // This function also turns the forms name attribute into a variable so <input name="test" will become $test in this script. It saves having to write them all out as you have..
$errors = array();
foreach ($_POST as $key=>$value) {
if ($value == '') {
$errors[] = $key .' value missing!';
} else {
$$key = mysql_real_escape_string($value); // Sanitize it for bad inputs etc..
}
}

 

Once you have done this you can then check the error array length.. if its > 0 there was an error otherwise continue with the code..

if (count($errors) > 0) {
echo 'Some Errors occured please fix them.<br/>'.join('<br/>',$errors);
} else {
//Do the rest of the script //
}

 

As for checking the username you need to do a search in your database for that username. if a result comes back then it cannot be used otherwise its good to go..

[Buddski]

I went one step further as I am EXTREMELY bored right now.. and have coded it how I would probably do it..

include ("connection.php");

$errors = array();
// Iterate through the $_POST and clean the strings and record errors //
foreach ($_POST as $key=>$value) {
if ($value == '') {
	$errors[] = $key .' value missing!'; // the value is '' so its an error //
} else {
	$$key = mysql_real_escape_string($value); // Sanitize it for bad inputs etc..
}
}

if (count($errors) > 0) {
// Errors are found // Lets see them //
echo 'Some Errors occured. Please fix them.<br/>'.join('<br/>',$errors);
} else {
// Check the Username //
$sql = "SELECT * FROM Customer WHERE Username = '".$txtUsername."'";
$sql_query = mysql_query($sql) or trigger_error('Error retrieving Username<br>'.mysql_error());
if (mysql_num_rows($sql_query) > 0) { // There were results so show them a sorry message.
	echo 'Sorry. This username is taken.';
} else {
	// Its good to go //
	$query = "INSERT INTO Customer (Firstname, Surname, Username, Email, Password, Address, PostCode, City, Country, SDate) VALUES ('$txtFirst', '$txtSurname', '$txtUser', '$txtEmail', '$txtPassword', '$txtAddress', '$txtPostCode', '$txtCity', '$txtCountry', NOW())"; 
	$result = mysql_query($query) or trigger_error('Error inserting record: <br>'.mysql_error());;
	if (is_resource($result)) { // Makes sure that the query was successful // I dont normally do this but it looks good 
		$next_id = mysql_insert_id();
		mysql_close($connection);  
		header("Location: userreceiptpage.php?CustomerID=" . $next_id); 
	}
}    
}

This is untested