[javiadas]

Hi,

I have a database with:

id
username
password
email

the id is the primary key and autoincrement, the username and the email are unique.

my problem is when i submit a form with a username that already exist or the email already exist my insert causes an error.
how can i handle error, how can i know if the error is cause by the email or the username that already exist.

hope i explain well my problem.

please help me.

thanks

[alexweb]

Hello!

You should use two queries: first for checking and second for inserting:

$login=(isset($_POST['login']))? $_POST['login']: '';
$passwd=(isset($_POST['passwd']))? $_POST['passwd']: '';
$email=(isset($_POST['email']))? $_POST['email']: '';
if (empty($login) || empty($passwd) || empty($email)){
die('Please, fill all fields');
}
if (!$result=mysql_query('SELECT id FROM table_name WHERE username='.$login.' OR password='.$passwd.' OR email='.$email)) {
die('Wrong query');
}
if (mysql_num_rows($result)>0) {
die('Your data already exists in our database');
} else {
----- write your insert query here ------
}

[wheezy360]

Quote:

Originally Posted by alexweb

Hello!

You should use two queries: first for checking and second for inserting:

$login=(isset($_POST['login']))? $_POST['login']: '';
$passwd=(isset($_POST['passwd']))? $_POST['passwd']: '';
$email=(isset($_POST['email']))? $_POST['email']: '';
if (empty($login) || empty($passwd) || empty($email)){
die('Please, fill all fields');
}
if (!$result=mysql_query('SELECT id FROM table_name WHERE username='.$login.' OR password='.$passwd.' OR email='.$email)) {
die('Wrong query');
}
if (mysql_num_rows($result)>0) {
die('Your data already exists in our database');
} else {
----- write your insert query here ------
}

Most everything looks ok here except for the check to see if the password is unique. This is unneccessary and creates a security hole. Stick with checking the username and e-mail.

[javiadas]

ok i will check it, hope this works.

i will just validate the username and the email, the password i dont think is important because a lot of people can use the same password.

but the question here is how can i know which of the fields are the one that is wrong.

[wheezy360]

Quote:

Originally Posted by javiadas

ok i will check it, hope this works.

i will just validate the username and the email, the password i dont think is important because a lot of people can use the same password.

but the question here is how can i know which of the fields are the one that is wrong.

You could separate the check into two separate queries:

PHP Code:

if (mysql_num_rows(mysql_query('SELECT * FROM users WHERE email="'.$_POST['email'].'"'))>0) {

// Invalid e-mail

} else if (mysql_num_rows(mysql_query('SELECT * FROM users WHERE username = "'.$_POST['username'].'"'))>0) {

// Invalid user

} else {

// Continue with registration

} 

Note the above code should work logically but it's not exactly secure.. Make sure you check the POST variables and what not which I'm sure you're already doing.

[javiadas]

thanks alot i will try it.