shadowx 0 Report post Posted August 29, 2006 Hi allIm having problems with this peice of code: $result = mysql_query("SELECT 'ID' FROM 'login' WHERE username=$dusername",$link); if($result != NULL){ //username DOES exsist so they cant have it! include("scripts/userexsists.php"); The idea is, this query will take the variable $dusername which is the usernbame that a user wants to have, and check it in the database to see if it already exsists. and depending on whether it does or not it will include one of two different scripts.The problem I'm having is that the variable $result seems to be emtpy. Does anyone know why? Its really annoying! Share this post Link to post Share on other sites
leiaah 0 Report post Posted August 29, 2006 Try the code below. I've modified it since there's some minor problems with the use of quotation marks and mysql is strict with closed and unclosed strings so we have to be careful. You can use a variable first to store your string query so you can see if all quotation marks are closed (with beginning and ending quotes) but it's just optional. I hope this helps. String $qry = "SELECT ID FROM login WHERE username='" .$dusername. "'";$result = mysql_query($qry); if($result != NULL){ //username DOES exsist so they cant have it! include("scripts/userexsists.php"); Share this post Link to post Share on other sites
Chatz 0 Report post Posted August 29, 2006 Try the code below. I've modified it since there's some minor problems with the use of quotation marks and mysql is strict with closed and unclosed strings so we have to be careful. You can use a variable first to store your string query so you can see if all quotation marks are closed (with beginning and ending quotes) but it's just optional. I hope this helps. String $qry = "SELECT ID FROM login WHERE username='" .$dusername. "'";$result = mysql_query($qry); if($result != NULL){ //username DOES exsist so they cant have it! include("scripts/userexsists.php"); That code should work.If not then maybe you should go over the all script to make sure you didn't leave out anything example a symbol that could be interfering with that section of the script. Share this post Link to post Share on other sites
shadowx 0 Report post Posted August 30, 2006 Thanks leiaah. Ive always had trouble with select where queries but never knew why, but now i do know why!That code worked perfectly although i had to remove "String" Just before the variable $qry. Not sure why i had to do that but it worked perfectly once i did :DThanks. Share this post Link to post Share on other sites
electron 0 Report post Posted August 31, 2006 As this is a username query be careful of MySQL injections.People could hack it due to that.Use htmlentities() to save your script of being vulnerable. Share this post Link to post Share on other sites
masterio 0 Report post Posted September 15, 2006 Other function that usefull to sanitize user input before being executed by MySQL is using addslashes() sunction. but now most server is add escaping character automatically. Share this post Link to post Share on other sites