slj90 Posted April 29, 2014 Share Posted April 29, 2014 (edited) <?php include 'connect.php'; $username = 'Sam'; $result = mysql_query("SELECT * FROM users WHERE user_username = $username"); if(mysql_num_rows($result) == 0) { echo "available"; }else{ echo "not-available"; } ?> What could be wrong here? It says that the username is available when it has already been taken. Thanks, Edited April 29, 2014 by slj90 Quote Link to comment Share on other sites More sharing options...
Solution requinix Posted April 29, 2014 Solution Share Posted April 29, 2014 Use mysql_error to find out why your query failed. Also, stop using the mysql_* functions and learn about PDO or mysqli (or both) and the prepared statements they offer instead. They're faster and easier and safer. Because what you have now has a big, glaring vulnerability that will let people completely ruin your site if they wanted. Quote Link to comment Share on other sites More sharing options...
slj90 Posted April 29, 2014 Author Share Posted April 29, 2014 Thanks for the reply. The error reads "Access denied for user 'lee'@'localhost' (using password: NO)" However, I am using the same connect.php file to write to the database and that works fine. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 29, 2014 Share Posted April 29, 2014 Assuming you get the user/pass fixed: WHERE user_username = $username Please consider using apostrophes to surround string values. WHERE user_username = '$username' Quote Link to comment Share on other sites More sharing options...
slj90 Posted April 29, 2014 Author Share Posted April 29, 2014 I have got it working now. There was a problem with the connection which it strangely worked on another page but not this one. I will check out mysqli. Many thanks! Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted April 29, 2014 Share Posted April 29, 2014 Hi, note that the approach itself is incorrect: If a name isn't taken yet and two users ask for it at the same time, they're both allowed to have it. That's because there's a gap between the check and the action. While the name may not have been taken when you've checked, it may very well be taken when you insert the new row. Unique values must be enforced at database level with a UNIQUE constraint. In your application, simply try to insert the row, and if it fails due to a violation of the constraint, you know that the username is already taken.This also lets you get rid of the extra query. When you've chosen your database extension (I strongly recommend PDO instead of MySQLi), we can show you how to do it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.