Check record exists db - error show
![[愿得一人]](https://www.e-learn.cn/qa/data/avatar/000/00/00/small_000000012.jpg)
How do I check if username or email exists and then put a error message in my error array. Right now i have:
$sql = \"SELECT username, email FROM users WHERE use
-
Sounds like you're trying to let users know whether a username or email already exists at registration time. Here's what you can do:
<?php //---------------------------------------- // Create first query $usernameQuery = 'SELECT username FROM users WHERE username="'.mysql_real_escape_string($username).'"'; //---------------------------------------- // Query db $usernameResult = mysql_query($userNameQuery); //---------------------------------------- // Check if result is empty if(mysql_num_rows($usernameResult) > 0){ //---------------------------------------- // Username already exists $error[] = 'Username already exists'; //---------------------------------------- // Return error to user and stop execution // of additional queries/code } else { //---------------------------------------- // Check if email exists //---------------------------------------- // Create query $emailQuery = 'SELECT email FROM users WHERE email="'.mysql_real_escape_string($email).'"'; //---------------------------------------- // Query the db $emailResult = mysql_query($emailQuery); //---------------------------------------- // Check if the result is empty if(mysql_num_rows($emailResult) > 0){ //---------------------------------------- // Email already exists $error[] = 'Email already exists'; //---------------------------------------- // Return error to user and stop execution // of additional queries/code } else { //---------------------------------------- // Continue with registration... } } ?>Please note that you should always escape your values before executing the actual query.
Additional Resources:
http://us.php.net/manual/en/function.mysql-real-escape-string.php http://us.php.net/manual/en/function.mysql-escape-string.php讨论(0) -
You can fetch one row and see if you got same email that you search or same username or both. You can do LIMIT 0,1 if you can stop after finding first row matching either this or that.
讨论(0) -
It would be easier if you just did a quick true/false check in the SQL and checked the flag that came back.
$sql = "SELECT " . "(SELECT 1 FROM `users` WHERE `username` = '" . mysql_real_escape_string($username) . "'), " . "(SELECT 1 FROM `users` WHERE `email` = '" . mysql_real_escape_string($email) . "')"; $query = mysql_query($sql); if (mysql_num_rows($query) > 0) { $foundFlags = mysql_fetch_assoc($query); if ($foundFlags['username']) { $error[] = "username is existing"; } if ($foundFlags['email']) { $error[] = "email is existing"; } } else { // General error as the query should always return }When it does not find an entry, it will return NULL in the flag, which evaluates to false, so the
ifcondition is fine.Note that you could generalise it for a field list like this:
$fieldMatch = array('username' => $username, 'email' => $email); $sqlParts = array(); foreach ($fieldMatch as $cFieldName => $cFieldValue) { $sqlParts[] = "(SELECT 1 FROM `users` WHERE `" . $cFieldName . "` = '" . mysql_real_escape_string($cFieldValue) . "')"; } $sql = "SELECT " . implode(", ", $sqlParts); $query = mysql_query($sql); if (mysql_num_rows($query) > 0) { $foundFlags = mysql_fetch_assoc($query); foreach ($foundFlags as $cFieldName => $cFlag) { if ($foundFlags[$cFieldName]) { $error[] = $cFieldName . " is existing"; } } } else { // General error as the query should always return }NB. Note that assumes all fields are strings, or other string-escaped types (eg. date/time).
讨论(0)
加载中...
- 热议问题