Always redirects

PHP
1

My code will always redirect like the user name I submit already exists, even when it doesn’t. I don’t know what’s wrong. I don’t know if I should use the '$_POST[‘user’]" variable or “$resultUser” variable. Here is the code that I think contains the error.


$resultUser = mysql_query("SELECT COUNT(*) FROM `sq_users` WHERE `Username` = ".mysql_real_escape_string('$_POST[user]'));
if ($_POST['user'] = 1) 
	{
		header('Location: '.$root.$name_use); 
		exit;
	}
2

I took out the exit. That worked, but don’t I need the exit?

3

Here is the updated code. It doesn’t notice when the username is the same now and it makes the account.


$resultUser = mysql_query("SELECT COUNT(*) FROM `sq_users` WHERE `Username` = ".mysql_real_escape_string('$_POST[user]'));
if ($resultUser = 1) header('Location: '.$root.$name_use);
4 

$result = mysql_query(
    sprintf(
        "SELECT Username FROM sq_users WHERE Username = '%s'",
        mysql_real_escape_string($_POST['user'])
    )
);

if(0 !== mysql_num_rows($result)){
    #username exists
}

:wink:

5

What does the “%s” mean?

6

The “%s” will be replaced by the string you have as the second argument for sprintf.

And your problem is that your missing one = …

if ($_POST['user'] == 1)

else, your making $_POST[‘user’] the value of 1.

7

Your still having problems with strings and variables


'$_POST[user]'; // never work
$_POST['user']; // this is the correct syntax

And you need to enclose that inside quotes in the query.

8

Check out the documentation [fphp]sprintf/fphp.

9

That didn’t work. I incorporated most suggestions into my new code, but it still doesn’t notice user names being the same.


$resultUser = mysql_query("SELECT COUNT(*) FROM `sq_users` WHERE `Username` = ".mysql_real_escape_string($_POST['user']));
if ($resultUser == 1) 
    {
        header('Location: '.$root.$name_use); 
    }
10

Did you run the code I posted or your version of it?

mysql_query returns a resource on success or false on failure, you’re checking if it equals 1, an integer.

As hash stated, you need to enclose the posted value in quotes within your SQL string - currently you are not.

11

I don’t know what you guys mean when you say this. Can you show a quick a example.

12

You need to replicate a valid SQL query using php.

SELECT Username FROM sq_users WHERE Username = 'ChickenMcNuggets'


    sprintf(
        "SELECT Username FROM sq_users WHERE Username = '%s'",
        'ChickenMcNuggets'
    )

See the quotes around ChickenMcNuggets? You’re not doing this.

13

But what do you mean about the posting.

Would it be something like this?


        "SELECT Username FROM sq_users WHERE Username = '%s'",
        mysql_real_escape_string("$_POST['user']")
14

Nearly! Getting there. :stuck_out_tongue:


    sprintf(
        "SELECT Username FROM sq_users WHERE Username = '%s'",
        mysql_real_escape_string($_POST['user'])
    )

See the difference?

15

It worked! Thanks for all your help. I finally finished my registration form!

16

registration ? that looks like some login form…