_absurd Posted April 27, 2007 Share Posted April 27, 2007 After testing this, it will go ahead and give the "Registration Successful" message even if the username has already been registered. The line in question is elseif (mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '.mysql_real_escape_string ($username).'"))) { Here is most of the page: <? $_PAGE_TITLE = "Register"; include_once ("header.php"); echo '<h1>Register</h1>'; if (isset($_POST['submit'])) { $username = ($_POST['username']); $password = ($_POST['password']); $password2 = ($_POST['password2']); $email = ($_POST['email']); if (empty($username) || empty($password) || empty($password2) || empty($email)) { echo 'You left one or more fields blank.<br />'; displayForm(); } elseif ($password != $password2) { echo 'The passwords you entered did not match.<br />'; displayForm(); } elseif (strlen ($username) > 20) { echo 'Your username is longer than 20 characters.<br />'; } elseif (mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '.mysql_real_escape_string ($username).'"))) { echo 'That username already exists in the database.<br />'; displayForm(); } else { $md5pass = md5($password); $insert = "INSERT INTO users (username, password, email) VALUES ('.mysql_real_escape_string ($username).', ''.mysql_real_escape_string ($md5pass).'', ''.mysql_real_escape_string ($email).'')"; mysql_query($insert); echo 'Registration successful. You may now login.<br />'; } } else { displayForm(); } function displayForm() { Link to comment https://forums.phpfreaks.com/topic/48959-solved-problem-with-line-25/ Share on other sites More sharing options...
The Little Guy Posted April 27, 2007 Share Posted April 27, 2007 Try this: elseif (mysql_num_rows(mysql_query("SELECT username FROM users WHERE username = '.mysql_real_escape_string ($username).'"))>0) { Link to comment https://forums.phpfreaks.com/topic/48959-solved-problem-with-line-25/#findComment-239866 Share on other sites More sharing options...
_absurd Posted April 27, 2007 Author Share Posted April 27, 2007 It still echos the "Registration Successful" message when entering a taken name. Also, it will not put any new users into the database? Link to comment https://forums.phpfreaks.com/topic/48959-solved-problem-with-line-25/#findComment-239872 Share on other sites More sharing options...
Psycho Posted April 27, 2007 Share Posted April 27, 2007 The problem is your use of quotes and the . for concatenation mysql_query("SELECT username FROM users WHERE username = '.mysql_real_escape_string ($username).'")) The first double quote begins the query. The first single quote is to encase the value for username. What is the period for since you are still inside the double quote? You need to do this: mysql_query("SELECT username FROM users WHERE username = '".mysql_real_escape_string($username)."'")) Link to comment https://forums.phpfreaks.com/topic/48959-solved-problem-with-line-25/#findComment-239873 Share on other sites More sharing options...
_absurd Posted April 27, 2007 Author Share Posted April 27, 2007 I always find myself going "What was I thinking?!!" That fixed it mjdamato, thanks - once again - for your help. Link to comment https://forums.phpfreaks.com/topic/48959-solved-problem-with-line-25/#findComment-239877 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.