0

Following is code for username.php

    <html>
  <head>
       <script type="text/javascript" src="js/jquery-1.7.1.min.js"></script>
      <!-- <script type="text/javascript" src="js/jquery-ui-1.8.17.custom.min.js"></script> -->

       <script type="text/javascript">

         $(document).ready(function(){
            $("#username").change(function(){
                 $("#message").html("<img src='ajax-loader.gif' /> checking...");


            var username=$("#username").val();

              $.ajax({
                    type:"post",
                    url:"check.php",
                    data:"username="+username,
                        success:function(data){
                        if(data==0){
                            $("#message").html("Username available");
                        }
                        else{
                            $("#message").html("Username already taken");
                        }
                    }
                 });

            });

         });

       </script>
  </head>

  <body>

       <table>
        <tr>
              <td>Username</td>
              <td>:</td>
              <td><input type="text" name="id" id="username""/><td>
                <td id="message"><td>
        </tr>

        <tr>
              <td>Password</td>
              <td>:</td>
              <td><input type="text" name="password" id="password" /><td>
        </tr>
       </table>
  </body>
</html>

And the code for check.php

    <?php

  mysql_connect("localhost","healhmate","healthmate");
  mysql_select_db("hmdb");
  if(isset($_POST['id']))
  $username=$_POST['id'];
  $query=mysql_query("SELECT * from user where id='$username' ");

  $find=mysql_num_rows($query);

  echo $find;

?>

this code gives output as username and password boxes. I have included all the 3 files ajax-loader.gif, username.php and check.php in one single folder.On entering username no validation is performed. Can anyone help me to figure out why is this happening?

Improve this question
2
  • dont you wish to to validate password as well? your code only does username check. Commented Oct 17, 2013 at 4:04
  • 1
    Beware of Bobby Tables: bobby-tables.com Commented Oct 17, 2013 at 4:08

2 Answers 2

Reset to default
4 
 <?php

  mysql_connect("localhost","healhmate","healthmate");
  mysql_select_db("hmdb");
  if(isset($_POST['username']))// because in ajax you send username not id
  $username=$_POST['username'];
  $query=mysql_query("SELECT * from user where id='$username' ");

  $find=mysql_num_rows($query);

  echo $find;

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This still has a sql injection vulnerability.
2

Use data:"id="+username in Ajax request because that is the POST variable your checking in PHP.

Also on a side note: Make sure you handle a case where $_POST['username'] is not set.

<?php
mysql_connect("localhost","healhmate","healthmate");
mysql_select_db("hmdb");
if(isset($_POST['username'])) {// because in ajax you send username not id
    $username=$_POST['username'];
    $query=mysql_query("SELECT * from user where id='$username' ");
    $find=mysql_num_rows($query);
   echo $find;
} else {
    echo "-1";
}
?>

And do not use mysql_* functions. They are deprecated. Use mysqli_* functions or PDO.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.