slpctrl Posted August 29, 2012 Share Posted August 29, 2012 Alright, I have this script (very basic, trying to refresh my memory on PHP/SQL and such): <html> <body> <center><br /><br /><br /><br /> <form action="" method="post" /> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="pass" /><br /> Email: <input type="text" name="email" /><br /> <input type="submit" /> </form> </center> <?php if (isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['email']) && !empty($_POST['username']) && !empty($_POST['pass']) && !empty($_POST['email'])) { $con = mysql_connect("localhost","root",""); if(!$con) { die("Couldn't connect to DB: " . mysql_error()); } $password = md5($_POST['pass']); mysql_select_db("info", $con); mysql_query("INSERT INTO users (UserName, PassWord, email) VALUES('$_POST[username]', '$password', '$_POST[email]')"); mysql_close($con); } die(""); ?> But, what I want to do is to check the DB first, try to match the information trying to be submitted, and if it exists, stop the information from inserting into the DB. But, can't seem to wrap my head around a simple way. Any help would be appreciated . Quote Link to comment Share on other sites More sharing options...
slpctrl Posted August 30, 2012 Author Share Posted August 30, 2012 Got it easier than I thought, a simple: <html> <body> <center><br /><br /><br /><br /> <form action="" method="post" /> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="pass" /><br /> Email: <input type="text" name="email" /><br /> <input type="submit" /> </form> </center> <?php if (isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['email']) && !empty($_POST['username']) && !empty($_POST['pass']) && !empty($_POST['email'])) { $con = mysql_connect("localhost","root",""); if(!$con) { die("Couldn't connect to DB: " . mysql_error()); } $password = md5($_POST['pass']); mysql_select_db("info", $con); $check = mysql_query("SELECT * FROM users"); while($row = mysql_fetch_array($check)){ if($row['UserName'] == $_POST['username'] || $row['email'] == $_POST['email']){ die("That username or email is already in use!"); } } mysql_query("INSERT INTO users (UserName, PassWord, email) VALUES('$_POST[username]', '$password', '$_POST[email]')"); mysql_close($con); } die(""); ?> Did the trick. Quote Link to comment Share on other sites More sharing options...
DavidAM Posted August 30, 2012 Share Posted August 30, 2012 $check = mysql_query("SELECT * FROM users"); while($row = mysql_fetch_array($check)){ if($row['UserName'] == $_POST['username'] || $row['email'] == $_POST['email']){ die("That username or email is already in use!"); } } You do not need to loop through the entire table. You should be able to so something like this: $sql = sprintf('SELECT UserName FROM users WHERE UserName = "%s" OR email = "%s"', mysql_real_escape_string($_POST['username']), mysql_real_escape_string($_POST['email'])); $check = mysql_query($sql); if ( ($check) and (mysql_num_rows($check) > 0) ) { die("That username or email is already in use!"); } Quote Link to comment Share on other sites More sharing options...
slpctrl Posted August 30, 2012 Author Share Posted August 30, 2012 I just wonder if I could do the above without the sprintf() function...that function really confuses me, not sure what it's doing. Would that be possible? Quote Link to comment Share on other sites More sharing options...
DavidAM Posted August 30, 2012 Share Posted August 30, 2012 sprintf is just formatting the string. Saves having to do concatenation (which I can never remember how to spell) or embedding variables in a string (which we can't do with function calls): $sql = 'SELECT UserName FROM users WHERE UserName = "' . mysql_real_escape_string($_POST['username']) . '"' . ' OR email = "' . mysql_real_escape_string($_POST['email']) . '"'; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.