I need to check my db to see if a username or email is already in use

Question

I've started a thread or two so far but nothing has got resolved. I'm not able to use the mysqlnd because i'm using a shared hosting account with godaddy.

All i need to do is check if my email address and/or username is in use; if they are in use throw and error, if not.. all is well.

Here is my code:

$input_errors = array();

if (!empty($_POST['username'])) {
    $user = $_POST['username'];
} else {
    $input_errors['username'] = "Must fill out username";
}

$email = filter_input(INPUT_POST, 'usermail', FILTER_VALIDATE_EMAIL);
if (false === $email) {
    $input_errors['usermail'] = "Not a valid email address";
}

if(count($input_errors) > 0) {
    print_r($input_errors); die();
}

$sql = "SELECT COUNT(*) as amount FROM people WHERE username = ? 
       OR email = ?";
if ($stmt = $mysqli->prepare($sql)) {

    $stmt->bind_param("ss", $user, $email);
    $stmt->execute();
    $results = $stmt->get_result();
    $data = mysqli_fetch_assoc($results);

    if ($data['amount'] > 0)
    {
        print "User already exists";
    }
}

else {
$stmt = $mysqli->stmt_init();
if (!$stmt) {
    echo "Init failed";
} else {
    $cmd = "INSERT INTO people (username, email, sign_up_date) VALUES (?, ?, NOW() )";
    if ($stmt->prepare($cmd)) {
        $stmt->bind_param('ss', $user, $email );
        $stmt->execute();

        echo $stmt->affected_rows . " row(s) inserted";

        $stmt->close();

    } else {
        echo "Prepare failed";
    }
    mysqli_close($mysqli);
    }
}

bind_result() does not work.

Don't get it. Is it failing? What are you asking? And whats' bind_result? Do you mean bind_param is not working? How do you know it isn't working? Questions are only questions if they are clear enough for the audience to understand them. — Rottingham, Jan 03 '14 at 00:42
Here's a pastebin file of code I use (tweaked of course) which works for me. It just has an email field, but you can tweak it. http://pastebin.com/HcqmERkP — Funk Forty Niner, Jan 03 '14 at 00:44
bind_result http://www.php.net/manual/en/mysqli-stmt.bind-result.php — cooking good, Jan 03 '14 at 00:51
With "my" pastebin? If so, you need to create the table and respective columns my friend. This puppy works. I don't just "give" stuff out like it was Halloween candy. — Funk Forty Niner, Jan 03 '14 at 00:52
You're welcome. All you need to do now is work with a "copy" of it and add the extras that you need. You'll get 'er goin' in no time at all ;-) — Funk Forty Niner, Jan 03 '14 at 00:56
Here, I think you may be better off with this one instead. It checks for either a username OR an email: http://pastebin.com/1dC07Cx6 Merry Xmas and don't say I never gave you nuthin' ;-) cheers (some tweaking may be necessary for sanitizing purposes), but she works like a Bat Outta Hell. — Funk Forty Niner, Jan 03 '14 at 01:35

score 0 · Answer 1 · answered Jan 03 '14 at 01:04

0

Change your sql statement to the following:

$sql = "SELECT COUNT(*) as amount FROM people WHERE username = '".mysqli_real_escape_string($_POST['username'])."' OR email = '".mysqli_real_escape_string($email)."'";

answered Jan 03 '14 at 01:04

1

SQL injection risk ahead! It may be a good idea, but it is better to use parametrized queries insetad of building the SQL string "by hand". – Barranka Jan 03 '14 at 01:06

I need to check my db to see if a username or email is already in use

1 Answers1