Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to create a proper signup page?

MythicFrost

MythicFrost

macrumors 68040
Original poster
Mar 11, 2009
3,944
40
Australia
Ok, I've designed my signup page, how should I check that the username they entered has not been taken, what I do now:

You click the signup button it goes to signup.php, signup.php checks if the username isn't taken by doing this:

Code: 
while ($row = mysql_fetch_array($result))
{
	//real code
	if ($username == $row["username"])
	{
		bUsernameTaken=true;
		break;
	}
	//end
	$id = $row["id"]; $user = $row["username"]; $pass = $row["password"]; $email = $row["email"];
	echo ("<tr><td>".$id."</td><td>".$user."</td><td>".$pass."</td><td>".$email."</td>");
	$iCount+=1;
}

and at the end of the code I want to do this:

Code: 
if (bUsernameTaken)
{
	//redirect back to signuser.html and display message saying username taken (not signuser.php)
        //Not sure how to do that?
}

It seems like it would be a bit annoying doing it this way, rather than just displaying whether it's taken or not straight away, but I don't know how to do it.

Any idea's?

Kind Regards
 
I'm guessing you don't know much SQL. You may want to download a pre-built script to help you out.

PHP: 
$user = mysql_real_escape_string($_POST['user']);
$query = "SELECT * FROM accounts WHERE username = `$user`;";

Then if the results is one (or greater, but hopefully not) then you know that user name exists.
 
angelwatt said:
I'm guessing you don't know much SQL. You may want to download a pre-built script to help you out.

PHP: 
$user = mysql_real_escape_string($_POST['user']);
$query = "SELECT * FROM accounts WHERE username = `$user`;";

Then if the results is one (or greater, but hopefully not) then you know that user name exists.
Click to expand...

I think you misunderstood the question...or I am. First, his SQL statement is fine, although not very efficient. So yours is better. But anyways I think the question is, "How do I tell the user the entered username is incorrect without reloading the entire page?".

Is this the question?
 
m3kilpat said:
I think you misunderstood the question...or I am.
Click to expand...

Thanks, I think you're right. I was too focused on the first 80% of the post talking a lot about checking if a user name existed, though the real question is but one sentence in the post, which made it easy to miss.

For redirecting,
PHP: 
header('Location: pagetoredirecto.php');
For storing an error message there's a couple ways. I'd probably use the $_SESSION variable to hold such information.

In order to do the checking on-page you would use AJAX to do the same kind of code you have here and have it let you know the name is taken. I'll leave it to you to hunt down all that code as it's a bit much to do here. I'd focus on that after you have the other part working nicely.
 
Alright, thanks guys, sorry about that :O you're right that was my primary question.

I read in a tutorial posting the page to itself (signup.php, onsubmit="signup.php"), is that correct and then I show the errors?

What's AJAX, and can it be disabled like javascript, because I don't want to build a website that might not work for some people.

EDIT: OK, I googled AJAX, but what one of it should I use, Javascript or XML?

Kind Regards
 
MythicFrost said:
I read in a tutorial posting the page to itself (signup.php, onsubmit="signup.php"), is that correct and then I show the errors?

What's AJAX, and can it be disabled like javascript, because I don't want to build a website that might not work for some people.

EDIT: OK, I googled AJAX, but what one of it should I use, Javascript or XML?

Kind Regards
Click to expand...

Having the page submit to itself is fine. I do the same with my contact page.

For AJAX, you'll likely pass back plain text for this case as all you need to know is if the user name exists or not. Using AJAX would require the visitor to have JavaScript enabled, but you should be doing the user name check server side anyways, so those with JavaScript enabled will simply find out their desired user name is already taken. This would be considered a progressive enhancement.

But for now don't worry about the AJAX, it can be added later once things are working.
 
MythicFrost said:
I read in a tutorial posting the page to itself (signup.php, onsubmit="signup.php"), is that correct and then I show the errors?
Click to expand...

Just like to point out a quick thing here:

onSubmit is a Javascript event. If you want the page to post to itself via the form, you will be using the action atribute. Mostly, the onSubmit event is used to form validation (user has enter all fields, email is the correct format, name field has no numbers etc etc)

I realize this might be "holding your hand" a bit, but just so you dont encounter this error down the road.
 
Great thanks, I've added your code:
Code: 
$result = mysql_query("SELECT * FROM Users WHERE username = '$username';", $mysqlCon);

I have 3 questions if ya don't mind, why is there a ';' semicolon at the end of the SQL statement (after the '$username' part),

Why do you do mysql_real_escape_string?

And also, how do I check if $result has found something?

Can I do
Code: 
if ($result.Length > 0)
{
}

or something similar?

EDIT: Thanks a lot Cerebrus, I actually meant Action not onsubmit, thanks though :)

Kind Regards
 
MythicFrost said:
Great thanks, I've added your code:
Code: 
$result = mysql_query("SELECT * FROM Users WHERE username = '$username';", $mysqlCon);

I have 3 questions if ya don't mind, why is there a ';' semicolon at the end of the SQL statement (after the '$username' part),

Why do you do mysql_real_escape_string?

And also, how do I check if $result has found something?

Can I do
Code: 
if ($result.Length > 0)
{
}

or something similar?

EDIT: Thanks a lot Cerebrus, I actually meant Action not onsubmit, thanks though :)

Kind Regards
Click to expand...

1. This could be a type. the ; simply is where php executes a line (execute this), so it might not throw an error as it can be simply ignored. Not sure about this, as I do SQL statements a bit different, but it could be the same as writing
Code: 
echo "test";;;;;;



2. This escapes (IE Not parsed) certain characters from strings so that they do not get executed in your SQL statement. Protects you from SQL injection attacks. Always a good idea.

3. If you are using a select stament, you can test a result by using:
Code: 
 if (mysql_num_rows($result)>0)
  {
      //there were rows found
  }
else
  {
      //no rows found
   }
If you are using update,delete or insert, and are wondering if they executed, you can do

Code: 
if ($result)
  {
      //SQL executed
  }
else
  {
      //SQL didnot execute
   }
 
Ah thanks, I see.

Which one of these is correct?

Code: 
$result = mysql_query("SELECT * FROM Users WHERE username = '$username';", $mysqlCon);

$result = mysql_query("SELECT * FROM Users WHERE username = '%s';", $username, $mysqlCon);

Kind Regards
 
I see, so this is correct?

Code: 
$result = sprintf(mysql_query("SELECT * FROM Users WHERE username = '%s';", $mysqlCon), $username);

Kind Regards
 
MythicFrost said:
I see, so this is correct?

Code: 
$result = sprintf(mysql_query("SELECT * FROM Users WHERE username = '%s';", $mysqlCon), $username);
Click to expand...

Closer.

PHP: 
$query = sprintf("SELECT * FROM Users WHERE username = '%s';", $username);
$result = mysql_query($query);

I don't recommend trying to combine them into a single statement. Go for readability.
 
Thanks a lot, I think I have it this time:

PHP: 
$query = sprintf("SELECT * FROM Users WHERE username = '%s'", mysql_real_escape_string($username));
$result = mysql_query($query, $mysqlCon);

I don't recommend trying to combine them into a single statement. Go for readability.
Click to expand...
I didn't notice I was doing that LOL:eek:

Kind Regards
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back