-1

This function is not preventing the user from creating a new user with an alreday used username or email, it doesn't show any errors but it's not working:

function UniqueErr($conn, $username, $email){
        $sql = "SELECT * FROM users WHERE usersUid = ? OR usersEmail = ?;";
        $stmt = mysqli_stmt_init($conn);
        if(!mysqli_stmt_prepare($stmt, $sql)){
            header("location: ../signup.php?error=stmtfailed");
            exit();
        }
            mysqli_stmt_bind_param($stmt, "ss", $username, $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)){
                return $row;
            }
            else{
                $result = false;
                return $result;
            }
            mysqli_stmt_close($stmt);
    };```
---------------------------------------------------------------------------------------
`if(UniqueErr($conn, $username, $email) !== false){
            header("location: ../signup.php?error=uiduniqueerr");
        }`
Muhammad Aldriny
  • 1
  • 2
    I would guess, it's that bad practice of abusing the Location: header that you learned from one impostor on Youtube. You should learn correct error handling and your problem should be hone – Your Common Sense Aug 14 '23 at 13:00
  • @YourCommonSense I'm still learning, I made the database columns of username and email unique, that seemed to fix it, but thanks, can you tell me what's better than using location: header ? – Muhammad Aldriny Aug 14 '23 at 13:16
  • As per the comment above, do some proper error handling. Read https://phpdelusions.net/articles/error_reporting for a proper guide – ADyson Aug 14 '23 at 13:28
  • 1
    You should just NEVER use Location: header for the purpose of error reporting. The error must be shown on the same page. Something like [this](https://stackoverflow.com/a/25688800/285587) – Your Common Sense Aug 14 '23 at 13:29
  • 1
    BTW you have a lot of unnecessary code. For example `mysqli_stmt_close($stmt);` is dead code and will never be executed. – Dharman Aug 14 '23 at 13:37

0 Answers0