-1

Ho can I check the database first if a user exists then use a insert statement if it does not. The code currently only executes the select statement. 

<?php
    include_once('includes/dbconn.php');

    if (isset($_POST['submitted'])) {
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $user = $_POST['user'];
        $pass = $_POST['pass'];

        $query_check_user = "SELECT username FROM Users WHERE username = '$user'";
        $query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";

        if (mysqli_query($dbconn, $query_check_user)) {
            echo "user already exists";
            mysqli_close($dbconn);
        }else{
            mysqli_query($dbconn, $query);
        }
    }
?>
Improve this question
7
  • Possible duplicate of check if SQL row exists with PHP Commented Mar 23, 2018 at 8:32
  • 1
    mysqli_query returns false only on failure, not just because it returns an empty set. Commented Mar 23, 2018 at 8:32
  • 1
    Please also look up prepared statements (your queries are prone to SQL injection). Commented Mar 23, 2018 at 8:33
  • 1
    Performing a check if a record exists with SELECT is bad because it's not accurate information. By the time you're done checking, another process can insert that record and you can end up with 2 records that are the same. To fight this problem, we use unique constraints, we simply insert and if database reports duplicate key error then we know a record exists. Commented Mar 23, 2018 at 8:34
  • 1
    @Flocke it's not a case of "does it happen", it's the case of creating a system where there are no holes such as this one. It might not happen today, tomorrow, in 6 months. What if it happens in 2 years? However, the interesting bit is that creating a unique constraint makes it easier for us as we have to type way, way less code. And it's bulletproof, forever. Regarding soft-deletes, you can always create a unique constraint out of (username, is_deleted) or hash (username, is_deleted) and save that as unique constraint. Commented Mar 23, 2018 at 8:58

3 Answers 3

Reset to default
0 
<?
    include_once('includes/dbconn.php');

    if (isset($_POST['submitted'])) {
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $user = $_POST['user'];
        $pass = $_POST['pass'];

        //Query for count
        $query_check_user = "SELECT count(*) as total FROM Users WHERE username = '$user'";
        $query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";
        //Execute query for count
        $result = mysqli_query($dbconn, $query_check_user);
        //Fetch result
        $data = mysqli_fetch_assoc($result);
        //Check if count >0
        if ($data['total']>0) {
            echo "user already exists";
            mysqli_close($dbconn);
        }else{
            mysqli_query($dbconn, $query);
        }
    }
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Your answer is vulnerable against sql injection attacks. Please teach proper techniques.
this is the output 0 if ($data['total']>0) { echo "user already exists"; mysqli_close($dbconn); }else{ mysqli_query($dbconn, $query); } } ?>
-2

you can use mysqli_num_rows(); to check the number if result if it is greater then 0 then user exist else insert user data.

my example :

include_once('includes/dbconn.php');

    if (isset($_POST['submitted'])) {
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $user = $_POST['user'];
        $pass = $_POST['pass'];

        $query_check_user = "SELECT username FROM Users WHERE username = '$user'";
        $query_result = mysqli_query($query_check_user);
        $query = "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')";

        if (mysqli_num_rows($query_result) > 0) {
            echo "user already exists";
            mysqli_close($dbconn);
        }else{
            mysqli_query($dbconn, $query);
        }
    }
Improve this answer

2 Comments

does not work. adds a user even if the username exists
check your query on phpmyadmin or show me your db structure of table username
-3

as I get from your question is, you want to insert the user if the user doesn't exist, right?

$query_check_user = "SELECT username FROM Users WHERE username = '$user'";
$b = mysqli_query($dbconn,$query_check_user);
$a = mysqli_num_rows($b);
if($a<0):
   mysqli_query(dbconn, "INSERT INTO Users(firstname, lastname, username, password) VALUES ('$fname','$lname','$user','$pass')");
endif;
Improve this answer

3 Comments

Your answer is vulnerable against sql injection attacks. Please teach proper techniques.
you are trying to insert a new user if the user already exists - might be wrong
that edit does not help - number of rows wont be < 0

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.