Ran Ran - 4 months ago 14
PHP Question

Checking if user & email exists on MYSQL with PHP

I've searched around but I could not find something that works correctly.
I have the inputs: username, password and email.

I want to check both username and email and know if they exists on database or not.

If it does, it gives na error, if it doesn't, it creates a new account.

So this is my code for now:

Forms

<?php
function formulary() {
?>

<section class="container">
<div class="register">
<h1>Create an account</h1>

<form method="post">
<p><input type="text" name="username" value="" placeholder="Username" maxlength="25"></p>
<p><input type="password" name="password" value="" placeholder="Password" maxlength="25"></p>
<p><input type="email" name="email" value="" placeholder="E-Mail" maxlength="50"></p>
<div class="buttons">
<input type="submit" name="register" value="Register">
<input type="button" name="cancel" value="Cancel" onClick="window.location='login.php';">
</div>
</form>
</div>
</section>

<?php
}
?>


Check

<?php
function registNew() {
$con = mysqli_connect("localhost","root","","work");
$username = mysqli_real_escape_string($con , $_POST["username"]);
$password = mysqli_real_escape_string($con , $_POST["password"]);
$email = mysqli_real_escape_string($con , $_POST["email"]);

if(mysqli_connect_errno())
{
echo "Error MySQL: " .mysqli_connect_errno();
}

$sqlUser = "SELECT * FROM users WHERE username = '".$username."'";
$rs = mysqli_query($con ,$sqlUser);
$numUsers = mysqli_num_rows($rs);

if($numUsers > 0) {
echo "User already exists<br/>";
}
else
{
$sqlEmail = "SELECT * FROM utilizadores WHERE email = '".$email."'";
$rs = mysqli_query($con ,$sqlEmail);
$numEmails = mysqli_num_rows($rs);

if($numEmails > 0) {
echo "E-Mail already exists<br/>";
}
else
{
$newUser= "INSERT INTO utilizadores(username,password,email) VALUES('$username','$password','$email')";
if(mysqli_query($con ,$newUser))
{
echo "Account has been created!<br/>";
mysqli_close($con);
header('Location: login.php');
}
else
{
echo "Error at adding user<br/>";
header("refresh:5;url=register.php");
}
}
}
}
?>


End

<?php
if(!isset($_SESSION)) {
session_start();
}

if(!isset($_POST["register"]))
{
formulary();
}
else
{
registNew();
}
?>


The output of creating a non-existant account is:

Error at adding user

I'm quite new at PHP so I'm not sure what's wrong. Is it because I'm using the same variables for both username and e-mail (check/sql/etc variables) or I'm just doing this wrong?

Any idea why this is not working?

Answer

I edited first part of your registNew function to check if there are any results. Everything is of course escaped so you are safe.

function registNew() {
        $con = mysqli_connect("localhost","root","","work");
        $username = mysqli_real_escape_string($con, $_POST["username"]);
        $password = mysqli_real_escape_string($con, $_POST["password"]);
        $email = mysqli_real_escape_string($con, $_POST["email"]);

        if(mysqli_connect_errno())
        {
            echo "Error MySQL: " .mysqli_connect_errno();
        }

        $rsUsers = mysqli_query($con,"SELECT * FROM users WHERE username = '".$username."'");
        $rsEmails = mysqli_query($con,"SELECT * FROM users WHERE email = '".$email."'");
        $numUsers = mysqli_num_rows($rsUsers);
        $numEmails = mysqli_num_rows($rsEmails);

        if($numUsers > 0 || $numEmails > 0) {
            echo "User already exists";
        }
        else
        {

                $newUser= "INSERT INTO users(username,password,email) VALUES('$username','$password','$email')";
                if(mysqli_query($con,$newUser))
                {
                    echo "Account has been created<br/>";
                    /* header('Location: login.php'); */
                }
                else
                {
                    echo "Error at adding user<br/>";
                    header("refresh:5;url=register.php");
                }

        }
    }
Comments