0

Plenty of time, spent, here is where I'm at:

    $uname_query = mysql_query("SELECT username FROM blog_members WHERE username='".$username."'");         

    if ($uname_query == $username) {
        $error[] = 'Username is already taken';
    }

I'm trying to use the SQL query $uname_query to pull the $username entered in a form, if it exists, then use an if statement to display the error, if it exists.

As it is coded right now, I get no error but also no functionality.

What am I missing?

Improve this question
2
  • I wouldn't do a select because that would build a race condition. Better use an unique index on the column username, try an INSERT. If all went well, that's ok. If you get an index violation error, then give your error message. Commented Apr 11, 2014 at 22:02
  • 1
    @VMai what if he wants to check before the insert is ready? Like while the user is filling out the signup form? I don't see any issue with a this select if the username is the primary key or unique. Commented Apr 11, 2014 at 22:17

4 Answers 4

Reset to default
3

You need to use a fetch. 

$row = mysql_fetch_row($uname_query);
// $row[0] will contain the first column of the first row (username)
if ($row[0] == $username) { }

However, you should look at using PDO or MySQLi since the MySQL api is deprecated. You should also use prepared statements if $username is provided by the user.

In PDO you could do:

$stmt = $pdo->prepare("SELECT username FROM blog_members WHERE username=?");
$stmt->execute(array($username));
// fetchColumn will return the first column of the first row (username)
if ($stmt->fetchColumn() == $username) { }

This protects against SQL injections by providing a prepared statement without $username and binding it in the execute() function. PDO requires some different setup initially too, but here is a good tutorial: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The PDO method worked well for me. My database was setup as $db and used elsewhere in my code, so by changing $pdo to $db I was able to copy and paste this code with success. Thank you!
1

You have to fetch the data before compare as

$row = mysql_fetch_array( $uname_query);
if($row["username"] == $username){
  $error[] = 'Username is already taken';
}
Improve this answer

1 Comment

When I try this I get the following error: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given
0

You need to fetch the data from the query first.

$uname_query = mysql_query("SELECT username FROM blog_members WHERE username='".$username."'");         
$arr=mysql_fetch_array($uname_query);
if ($arr["username"] == $username) {
  $error[] = 'Username is already taken';
}
Improve this answer

Comments

0

For one, you need to fetch it. Use mysql_fetch_row(). Secondly, I'm not sure what that $error[]='string' business is. Are you trying to use an array?

Although I suggest moving to mysqli since mysql is deprecated. Also, I hope you sanitized that string well.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.