[PHP Help] Checking for a username in the database

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
Hey there developers,

I'm creating a referral system for my CMS (Uber) and I'm wanting it to throw an error if the value inputted in a text box isn't a username in the database, here's my code:

Code:
$checkRef = (mysql_result(mysql_query("SELECT `username` FROM `users` WHERE `username` = '".$referal."'"), 0));
 
if($checkRef < '1') {
echo 'Error';
}
But I have 2 problems, this happens:
Tuf5R.png

That happens when a user goes onto the page, I need it to happen after the submit.
Also, I don't want the form to submit if the $checkRef is 0. How do I do this?
 

brsy

nah mang
May 12, 2011
1,530
272
PHP:
$checkRef = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$referal."'"));
 
if($checkRef > 0) {
die('Error');
}
 

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
PHP:
$checkRef = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$referal."'"));
 
if($checkRef > 0) {
die('Error');
}

Code doesn't seem to work. It doesn't say anything at the top now, but when I hit 'Create Account' even with a random referral such as 'HERHJREIEWUREE248ERMDFS' which doesn't exist in the DB, it still submits and makes the account.
 

brsy

nah mang
May 12, 2011
1,530
272
PHP:
<?php
$referal = mysql_real_escape_string(stripslashes(trim(htmlspecialchars($_GET['referal']))));
$checkRef = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$referal."'"));
 
if($checkRef < 0) {
die('Error');
}
?>
 

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
PHP:
<?php
$referal = mysql_real_escape_string(stripslashes(trim(htmlspecialchars($_GET['referal']))));
$checkRef = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$referal."'"));
 
if($checkRef > 0) {
die('Error');
}
?>

Still does the same thing :l

Code:
<?php
$referal = mysql_real_escape_string(stripslashes(trim(htmlspecialchars($_GET['referal']))));
$checkRef = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$referal."'"));
 
if($checkRef > 0) {
die('Error');
}
?>

That's defined at the top of my file
 

tyr0ne

Active Member
Mar 29, 2012
141
14
I just tried on my own site, so the table name and column names are not the same, but it works fine for me.

Of course re-add your security functions things for the value of the variable $referal, but other than that when it doesn't find a game it writes "0lol don't know" because there's 0 rows found, and when it finds it, it writes "1game name"
PHP:
<?php
if( $_GET["referal"] ) {
    $referal = $_GET["referal"];
    $checkRef = mysql_num_rows(mysql_query("SELECT * FROM games WHERE title = '".$referal."'"));
 
    echo $checkRef;
    if($checkRef == 0) {
        echo "lol don't work";
    } else {
        echo $referal;
    }
}
?>
 

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
I just tried on my own site, so the table name and column names are not the same, but it works fine for me.

Of course re-add your security functions things for the value of the variable $referal, but other than that when it doesn't find a game it writes "0lol don't know" because there's 0 rows found, and when it finds it, it writes "1game name"
PHP:
<?php
if( $_GET["referal"] ) {
    $referal = $_GET["referal"];
    $checkRef = mysql_num_rows(mysql_query("SELECT * FROM games WHERE title = '".$referal."'"));
 
    echo $checkRef;
    if($checkRef == 0) {
        echo "lol don't work";
    } else {
        echo $referal;
    }
}
?>

Still makes the account even though the username doesn't exist in the db ;L
 

Predict

Active Member
Jun 27, 2011
126
63
How could you even have PHP inside the template?!
Why you no use the template class to its full potential and you should consider on stop creating more exploits for yourself.

When coding in PHP, you should think about how you're going to do it first, well that's how I plan before I code. ;p

So, we need a mysql query selecting the person who referred the user, however we don't want to refer that user if the user doesn't exist.

Code:
$query1 = mysql_query("SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");

Now, we want to check if the user exists or not and if it does, we'll proceed.

Code:
if (mysql_num_rows($query1) > 0)
{
echo 'Woo?';
}
else
{
echo 'User doesn\'t exist.'
}

Finished product

Code:
<?php
if (isset($_GET['user']))
{
$query1 = mysql_query("SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");
 
if (mysql_num_rows($query1) > 0)
{
echo 'Woo?';
}
else
{
echo 'User doesn\'t exist.';
}
}
?>
 

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
How could you even have PHP inside the template?!
Why you no use the template class to its full potential and you should consider on stop creating more exploits for yourself.

When coding in PHP, you should think about how you're going to do it first, well that's how I plan before I code. ;p

So, we need a mysql query selecting the person who referred the user, however we don't want to refer that user if the user doesn't exist.

Code:
$query1 = mysql_query("SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");

Now, we want to check if the user exists or not and if it does, we'll proceed.

Code:
if (mysql_num_rows($query1) > 0)
{
echo 'Woo?';
}
else
{
echo 'User doesn\'t exist.'
}

Finished product

Code:
<?php
if (isset($_GET['user']))
{
$query1 = mysql_query("SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_GET['user']) . "' LIMIT 1");
 
if (mysql_num_rows($query1) > 0)
{
echo 'Woo?';
}
else
{
echo 'User doesn\'t exist.'
}
}
?>

That code throws a PHP error, the page won't even load, and surely it must be easier to do it than that. Also, $_GET['user'] is an undefined var so I changed it to $_GET['referal']. Still shows PHP error
 

JoshuaLuke

Posting Freak
Jan 29, 2012
529
51
...

Go to:
echo 'User doesn\'t exist.'
Replace:
echo 'User doesn\'t exist.';



Code works, but if I attempt to put the referral in the text box e.g. 'asjerjfkgsle' then the form still submits:
PHP:
<?php
$referal = mysql_real_escape_string(stripslashes(trim(htmlspecialchars($_GET['r']))));
 
if (isset($_GET['r']))
{
$query1 = mysql_query("SELECT username FROM users WHERE username = '" . mysql_real_escape_string($_GET['r']) . "' LIMIT 1");
 
if (mysql_num_rows($query1) < 1)
{
echo ('User doesnt exist.');
}
}
 
?>
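
Added example (not from any poster in this thread, and not Uber's own code): the referrer check done inside the submit handler with a bound parameter, returning before the INSERT when the referrer is missing. It uses PDO because the mysql_* functions used above were removed in PHP 7.0. The in-memory SQLite table, the `referrer` column, and the function names `userExists` and `register` are assumptions made so the example runs on its own; in the real page you would call `register($db, $_POST)` only when `$_SERVER['REQUEST_METHOD'] === 'POST'`.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the CMS's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, referrer TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('JoshuaLuke')");

// The name is bound as a parameter, never concatenated into the SQL string.
function userExists(PDO $db, string $name): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$name]);
    return $stmt->fetchColumn() !== false; // false means no matching row
}

// Hypothetical submit handler: returns the list of errors and
// creates the account only when that list is empty.
function register(PDO $db, array $form): array
{
    $username = trim((string)($form['username'] ?? ''));
    $referal  = trim((string)($form['referal'] ?? ''));
    $errors = [];
    if ($username === '' || userExists($db, $username)) {
        $errors[] = 'Username is empty or already taken.';
    }
    if ($referal !== '' && !userExists($db, $referal)) {
        $errors[] = 'Referrer does not exist.';
    }
    if ($errors) {
        return $errors; // stop here: the INSERT below is never reached
    }
    $stmt = $db->prepare('INSERT INTO users (username, referrer) VALUES (?, ?)');
    $stmt->execute([$username, $referal === '' ? null : $referal]);
    return [];
}

// Constructed submissions: unknown referrer, valid referrer, a name containing a quote.
$samples = [
    ['username' => 'newuser1', 'referal' => 'HERHJREIEWUREE248ERMDFS'],
    ['username' => "O'Brien",  'referal' => 'JoshuaLuke'],
    ['username' => 'newuser2', 'referal' => "O'Brien"],
];
foreach ($samples as $form) {
    $errors = register($db, $form);
    echo $form['username'], ' => ', $errors ? implode(' ', $errors) : 'account created', PHP_EOL;
}
```

Echoing a message does not stop the rest of the script, so the check has to return (or exit) before the code that creates the account runs.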
 
