What's can't I validate usernames?

Beginners - Learning PHP
#1

Hi! I can’t figure out what I’m doing wrong. Any help is greatly appreciated. Thanks, in advance!
[php]function checkUserName(){
if(isset($_POST[‘userNameAvailabilityCheck’]))
{
$username=$_POST[‘username’];
$username_query = mysql_query(“SELECT (name_username) FROM user WHERE name_username = ‘$username’”);
$username_result = mysql_result($username_query,0);
if($username_result == 0)
{
echo ‘Username already exists.’;
}
elseif (strlen($username) < 6 || strlen($username) > 15)
{
echo “Username must be 6 to 15 characters”;
}
elseif (preg_match("/^[a-zA-Z1-9]+$/", $username))
{
echo ‘Username is available.’;
}
else
{
echo ‘Use alphanumeric characters only.’;
}
}
}[/php]

Here’s the form that goes with it:

[code]<form action=’<?=$_SERVER['PHP_SELF']?>’ method=‘post’>

register for a new account desired username: <? checkUserName(); ?> first name: last name: desired password: re-enter password log in if you already have an accountusername:password: [/code] I've already tried running the SQL in PhpMyAdmin, so I'm pretty sure the problem lies in the PHP. Right now, I'm getting the error: Warning: mysql_result() expects parameter 1 to be resource, boolean given in /Users/justinalba/Sites/php-class/module3/registration.php on line 40 and it is saying all usernames are available when I am purposefully putting in one that matches in my DB.
#2

The php is right, but how you’re using it is wrong. Given its usage, you’re better off using ajax.

#3

You don’t need ajax, you just need to fetch you data better from mysql

While this is far from elegant and written in Object-Oriented Style I gives an idea on how to do it the mysqli way.

[php] public function check_for_duplicates($username, $email)
{
$query = “SELECT username, email FROM users ORDER BY id DESC LIMIT 250”;

	    if ($result = $this->db->query($query)) {
	    
		   /* fetch associative array */
		   while ($row = $result->fetch_assoc()) {
			  if ($username == $row['username'])
			  {
				$this->error_array['user_x'] = true;
				$this->error_array['error_user_msg'] = $this->field_error['user_taken'];
				
			  }
			  elseif ($email == $row['email'])
			  {
			     $this->error_array['email_x'] = true;
				$this->error_array['error_email_msg'] = $this->field_error['email_taken'];											  
			  }
			  
		   }
	    
		   /* free result set */
		   $result->free();
	    }
	    
	    /* close connection */
	   $this->db->close();		
	   
	   return $this->error_array;  		 
}[/php]

An here’s a way of doing it in PDO (Sorry about being written in OOP, I find doing it in OOP to be cleaner, you can find how to do it the procedural way at php dot net).

[php] if(!empty($_POST) && ($error_msg == false))
{

    $query = "
        SELECT
            1
        FROM users
        WHERE
            username = :username1
    ";
    

    $query_params = array(
        ':username1' => html_escape($_POST['username1'])
    );

   
    $stmt = $db->prepare($query);
    $result = $stmt->execute($query_params);
            

    $row = $stmt->fetch();
    
   
    if($row)
    {
	  		   
	  $announce->errorHandler("user_taken");
	  $user_input = $announce->error_return();
	  $error_msg = true;
	 
    }
}[/php]

I would also check the string for valid characters either before the the mysql query or after. Personally I think I would do it before for most people will probably enter a valid username.

#4

you never opened a mySQL connection, the answer to your problem was the error message :slight_smile:

#5

No, it just means that the query failed. The lack of a connection could be a reason why, but its more likely because of how he’s trying to use the function. You can’t directly access a function from a button like he’s trying to do. He’d get a different error message too if there’s no connection.

Sponsor our Newsletter | Privacy Policy | Terms of Service