I am new to PHP and I would like to check whether or not a username or email already exists in my database. If it does, I would like to redirect back to my signup page. The code I have works to add users but I cannot figure out how to check if the username and email exist. I don't want to make either the primary key Please help!!! This is the code that I have now from the book I am using:
<?php
require_once "app_config.php";
require_once "database_connection.php";
$upload_dir = HOST_WWW_ROOT . "uploads/profile_pics/";
$image_fieldname = "user_pic";
//Potential PHP errors
$php_errors = array(1 => 'Maximum file size in php.ini exceeded',
2 => 'Maximum file size in HTML form exceeded',
3 => 'Only part of the file was uploaded',
4 => 'No file was selected to upload');
$first_name = trim($_REQUEST['first_name']);
$last_name = trim($_REQUEST['last_name']);
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
$email = trim($_REQUEST['email']);
$bio = trim($_REQUEST['bio']);
$facebook_url = str_replace("facebook.org", "facebook.com", trim($_REQUEST['facebook_url']));
$position = strpos($facebook_url, "facebook.com");
if($position === false) {
$facebook_url = "http://www.facebook.com/" . $facebook_url;
}
$twitter_handle = trim($_REQUEST['twitter_handle']);
$twitter_url = "http://www.twitter.com/";
$position = strpos($twitter_handle, "@");
if($position === false) {
$twitter_url = $twitter_url . $twitter_handle;
} else {
$twitter_url = $twitter_url . substr($twitter_handle, $position + 1);
}
//Make sure we didn't have an error uploading the image
($_FILES[$image_fieldname]['error'] == 0)
or handle_error("the server couldn't upload the image you selected",
$php_errors[$_FILES[$image_fieldname]['error']]);
// Is this file the result of a valid upload?
@is_uploaded_file($_FILES[$image_fieldname]['tmp_name'])
or handle_error("you were trying to do something naughty. Shame on you!",
"Uploaded request: file named " .
"'{$_FILES[$image_fieldname]['tmp_name']}'");
// Is this actually an image?
@getimagesize($_FILES[$image_fieldname]['tmp_name'])
or handle_error("you selected a file for your picture " .
"that isn't an image.",
"{$_FILES[$image_fieldname]['tmp_name']} " .
"isn't a valid image file.");
//Name the file uniquely
$now = time();
while(file_exists($upload_filename = $upload_dir . $now .
'-' . $_FILES[$image_fieldname]['name'])) {
$now++;
}
// Insert the image into the images table
$image = $_FILES[$image_fieldname];
$image_filename = $image['name'];
$image_info = getimagesize($image['tmp_name']);
$image_mime_type = $image_info['mime'];
$image_size = $image['size'];
$image_data = file_get_contents($image['tmp_name']);
//Insert into images query
$insert_image_sql = sprintf("INSERT INTO images " .
"(filename, mime_type, file_size, image_data) " .
"VALUES ('%s', '%s', %d, '%s');",
mysql_real_escape_string($image_filename),
mysql_real_escape_string($image_mime_type),
mysql_real_escape_string($image_size),
mysql_real_escape_string($image_data));
mysql_query($insert_image_sql)
or die(mysql_error());
//Insert into users query
$insert_sql = sprintf("INSERT INTO users " .
"(first_name, last_name, username, " .
"password, email, " .
"bio, facebook_url, twitter_handle, " .
"profile_pic_id) " .
"VALUES ('%s', '%s', '%s', '%s', '%s',
'%s', '%s', '%s', %d);",
mysql_real_escape_string($first_name),
mysql_real_escape_string($last_name),
mysql_real_escape_string($username),
mysql_real_escape_string($password),
mysql_real_escape_string($email),
mysql_real_escape_string($bio),
mysql_real_escape_string($facebook_url),
mysql_real_escape_string($twitter_handle),
mysql_insert_id());
//Insert user into database
mysql_query($insert_sql)
or die(mysql_error());
//Redirect the user the page that displays user information
header("Location: show_user.php?user_id=" . mysql_insert_id());
exit();
?>
First a great tip. the mysql functions in PHP is out of date you should read something about PDO.
But for now add this before your insert query.
if(mysql_num_rows(mysql_query("SELECT ID FROM users WHERE email = '". mysql_real_escape_string($email) ."')) != 0) {
exit("email exists");
}
select count(1) from users where email = '[INSERT USERNAME TO CHECK HERE]'
Getting 0 back means there are no users with that username.
You'll also want to lower case all the usernames prior to insertion to prevent 'bob' vs. 'Bob' vs. 'BOB' scenario.
The safest way to do this is to have the database do the checking. This is called a "unique constraint", and it will cause any update or insert to fail, when it attempts to add a duplicate.
You can easily create this constraint just by creating a unique index:
create unique index users_username on users(username);
create unique index users_email on users(email);