Why can't I validate usernames?

Hi! I can’t figure out what I’m doing wrong. Any help is greatly appreciated. Thanks, in advance!
[php]function checkUserName(){
    if(isset($_POST['userNameAvailabilityCheck']))
    {
        $username=$_POST['username'];
        $username_query = mysql_query("SELECT (name_username) FROM user WHERE name_username = '$username'");
        $username_result = mysql_result($username_query,0);
        if($username_result == 0)
        {
            echo 'Username already exists.';
        }
        elseif (strlen($username) < 6 || strlen($username) > 15)
        {
            echo "Username must be 6 to 15 characters";
        }
        elseif (preg_match("/^[a-zA-Z1-9]+$/", $username))
        {
            echo 'Username is available.';
        }
        else
        {
            echo 'Use alphanumeric characters only.';
        }
    }
}[/php]

Here’s the form that goes with it:

[code]<form action='<?=$_SERVER['PHP_SELF']?>' method='post'>

register for a new account desired username: <? checkUserName(); ?> first name: last name: desired password: re-enter password log in if you already have an account username: password: [/code]

I've already tried running the SQL in PhpMyAdmin, so I'm pretty sure the problem lies in the PHP. Right now, I'm getting the error:

Warning: mysql_result() expects parameter 1 to be resource, boolean given in /Users/justinalba/Sites/php-class/module3/registration.php on line 40

and it is saying all usernames are available when I am purposefully putting in one that matches in my DB.

The php is right, but how you’re using it is wrong. Given its usage, you’re better off using ajax.

You don’t need ajax, you just need to fetch your data better from MySQL.

While this is far from elegant and written in Object-Oriented Style, it gives an idea of how to do it the mysqli way.

[php]public function check_for_duplicates($username, $email)
{
    $query = "SELECT username, email FROM users ORDER BY id DESC LIMIT 250";

    if ($result = $this->db->query($query)) {

        /* fetch associative array */
        while ($row = $result->fetch_assoc()) {
            if ($username == $row['username'])
            {
                $this->error_array['user_x'] = true;
                $this->error_array['error_user_msg'] = $this->field_error['user_taken'];
            }
            elseif ($email == $row['email'])
            {
                $this->error_array['email_x'] = true;
                $this->error_array['error_email_msg'] = $this->field_error['email_taken'];
            }
        }

        /* free result set */
        $result->free();
    }

    /* close connection */
    $this->db->close();

    return $this->error_array;
}[/php]

And here’s a way of doing it in PDO (Sorry about being written in OOP, I find doing it in OOP to be cleaner, you can find how to do it the procedural way at php dot net).

[php]if(!empty($_POST) && ($error_msg == false))
{
    $query = "
        SELECT
            1
        FROM users
        WHERE
            username = :username1
    ";

    $query_params = array(
        ':username1' => html_escape($_POST['username1'])
    );

    $stmt = $db->prepare($query);
    $result = $stmt->execute($query_params);

    $row = $stmt->fetch();

    if($row)
    {
        $announce->errorHandler("user_taken");
        $user_input = $announce->error_return();
        $error_msg = true;
    }
}[/php]

I would also check the string for valid characters either before the MySQL query or after. Personally I think I would do it before, for most people will probably enter a valid username.
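The checks discussed in this thread combined into one function, as an added example that is not code from any poster: format validation runs before the query, and the lookup binds the username as a parameter instead of interpolating it into the SQL. The `user` table and `name_username` column come from the question; the in-memory SQLite database, its row and the sample inputs are constructed so the script runs offline.

```php
<?php
// Added example. Table and column names are taken from the question;
// the SQLite in-memory database and all sample data are constructed.

function checkUserName(PDO $db, string $username): string
{
    // Validate the format first, so malformed input never reaches the database.
    $len = strlen($username);
    if ($len < 6 || $len > 15) {
        return 'Username must be 6 to 15 characters';
    }
    // \A and \z anchor the whole string ("$" would also accept a trailing newline).
    // 0-9 is used here; the question's pattern has 1-9, which rejects the digit 0.
    if (!preg_match('/\A[a-zA-Z0-9]+\z/', $username)) {
        return 'Use alphanumeric characters only.';
    }

    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM user WHERE name_username = :username');
    $stmt->execute([':username' => $username]);

    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() === false
        ? 'Username is available.'
        : 'Username already exists.';
}

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false, so a failed query
// cannot be mistaken for "no such user".
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (name_username TEXT PRIMARY KEY)');
$db->exec("INSERT INTO user (name_username) VALUES ('justin2014')"); // constructed row

// Constructed inputs: taken, free, too short, and one containing a quote character.
foreach (['justin2014', 'newuser01', 'abc', "o'brien12"] as $candidate) {
    printf("%-12s => %s\n", $candidate, checkUserName($db, $candidate));
}
```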

You never opened a MySQL connection; the answer to your problem was the error message :)

No, it just means that the query failed. The lack of a connection could be a reason why, but it’s more likely because of how he’s trying to use the function. You can’t directly access a function from a button like he’s trying to do. He’d get a different error message too if there’s no connection.
