php help


grover1311
03-29-2007, 6:52 AM
I am making a basic user script and I am wondering how to check if a user name already exists in my database?


<?php
//this is register script that will insert users into tables created in install.php
//variables will be below.
$usernames=$_POST['username'];
$password=$_POST['password'];
$email=$_POST['email'];
$location=$_POST['location'];
$checkpassword=$_POST['checkpassword'];
$name=$_POST['name'];
$age=$_POST['age'];


//mysql variables (username,password,localhost)
$username='';
$password='';
$database='';


//check if both passwords are same if they are insert to database
if ($password == $checkpassword) {


mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query2 = "INSERT INTO contacts VALUES ('','$username','$name','$age','$email','$password')";
mysql_query($query2);

mysql_close();


}else{
echo 'Passwords do not match.';
}

?>

Modred
03-29-2007, 10:12 AM
You could try using a SQL statement such as the following, assuming the field in your table is called username:

SELECT * from contacts WHERE username='$username'

If you get any results back from that, the username already exists. I'm fairly new to SQL, but it looks like this should do what you want.

grover1311
03-29-2007, 6:31 PM
OK, I'll give it a go.

Markpyro
03-29-2007, 7:23 PM
Your mysql connect variables are being used twice in your script, and I believe this isn't what you're trying to do.
//mysql variables (username,password,localhost)
$username='';
$password='';
$database='';

Change those to something else, or else you'll be trying to connect to the database with the password and username that your user entered.

Modred
03-29-2007, 7:37 PM
Your mysql connect variables are being used twice in your script, and I believe this isn't what you're trying to do.
//mysql variables (username,password,localhost)
$username='';
$password='';
$database='';

Change those to something else, or else you'll be trying to connect to the database with the password and username that your user entered.

It's almost like you're predicting the future and know he will soon be asking a question about why it still doesn't work. Unless, of course, as the test user he entered the database info as his user information. =p

TimP
03-29-2007, 9:22 PM
Just a heads up, your code is potentially vulnerable to SQL injection (http://en.wikipedia.org/wiki/SQL_injection). Always pass user input through a filter function like mysql_real_escape_string (http://us2.php.net/manual/en/function.mysql-real-escape-string.php) before sending it off to the database.

Modred
03-30-2007, 12:28 AM
Just a heads up, your code is potentially vulnerable to SQL injection (http://en.wikipedia.org/wiki/SQL_injection). Always pass user input through a filter function like mysql_real_escape_string (http://us2.php.net/manual/en/function.mysql-real-escape-string.php) before sending it off to the database.

Hello, my username is "DROP TABLE". =p

Jeff
04-04-2007, 7:11 PM
Yeah, I would do a lot more data validation than that even, unless you want people using crazy symbols, HTML, etc. in their usernames :)

Don't want more incidents like this (http://abcnews.go.com/Politics/story?id=2601085) (which was also a SQL injection problem).
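
An added example, not code from any poster in this thread: the username check, the escaping advice and the extra validation discussed above, done with PDO prepared statements instead of the mysql_* functions. The table layout, the username policy, the function names and the sample inputs are assumptions made for illustration, and an in-memory SQLite database is used so the script runs on its own.

```php
<?php
// Added example with a constructed schema. With MySQL only the DSN changes;
// keep the DB credentials in their own variables (e.g. $dbUser, $dbPass),
// never in the variables that hold form input.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL,
    password_hash TEXT NOT NULL)');

function usernameExists(PDO $pdo, string $username): bool
{
    // The placeholder keeps the value out of the SQL text: quotes in it stay data.
    $stmt = $pdo->prepare('SELECT 1 FROM contacts WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

function registerUser(PDO $pdo, string $username, string $email,
                      string $password, string $check): string
{
    if ($password !== $check) {
        return 'Passwords do not match.';
    }
    // Allow-list validation (assumed policy: 3-20 letters, digits, underscore).
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        return 'Invalid username.';
    }
    if (usernameExists($pdo, $username)) {
        return 'Username already taken.';
    }
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO contacts (username, email, password_hash) VALUES (?, ?, ?)');
        $stmt->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // The UNIQUE constraint covers two requests registering one name at once.
        if ($e->getCode() != 23000) { throw $e; }
        return 'Username already taken.';
    }
    return 'Registered.';
}

// Constructed sample input: new user, duplicate, markup in the name, quote characters.
echo registerUser($pdo, 'grover', 'g@example.test', 'pw-one', 'pw-one'), "\n";
echo registerUser($pdo, 'grover', 'x@example.test', 'pw-two', 'pw-two'), "\n";
echo registerUser($pdo, '<b>bob</b>', 'b@example.test', 'pw', 'pw'), "\n";
var_dump(usernameExists($pdo, "grover' OR '1'='1"));
```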