How to create a proper signup page?

Discussion in 'Web Design and Development' started by MythicFrost, Aug 16, 2009.

  1. MythicFrost macrumors 68040

    MythicFrost

    Joined:
    Mar 11, 2009
    Location:
    Australia
    #1
    Ok, I've designed my signup page. How should I check that the username they entered has not been taken? What I do now:

    You click the signup button and it goes to signup.php; signup.php checks if the username isn't taken by doing this:

    Code:
    while ($row = mysql_fetch_array($result))
    {
    	//real code
    	if ($username == $row["username"])
    	{
    		$bUsernameTaken = true;
    		break;
    	}
    	//end
    	$id = $row["id"]; $user = $row["username"]; $pass = $row["password"]; $email = $row["email"];
    	echo ("<tr><td>".$id."</td><td>".$user."</td><td>".$pass."</td><td>".$email."</td></tr>");
    	$iCount+=1;
    }
    
    and at the end of the code I want to do this:

    Code:
    if ($bUsernameTaken)
    {
    	//redirect back to signuser.html and display message saying username taken (not signuser.php)
            //Not sure how to do that?
    }
    
    It seems like it would be a bit annoying doing it this way, rather than just displaying whether it's taken or not straight away, but I don't know how to do it.

    Any ideas?

    Kind Regards
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    I'm guessing you don't know much SQL. You may want to download a pre-built script to help you out.

    PHP:
    $user = mysql_real_escape_string($_POST['user']);
    $query = "SELECT * FROM accounts WHERE username = '$user';";
    Then if the result is one (or greater, but hopefully not) then you know that user name exists.
     
  3. m3kilpat macrumors regular

    Joined:
    Jul 6, 2009
    #3
    I think you misunderstood the question...or I am. First, his SQL statement is fine, although not very efficient. So yours is better. But anyways I think the question is, "How do I tell the user the entered username is incorrect without reloading the entire page?".

    Is this the question?
     
  4. angelwatt Moderator emeritus

    #4
    Thanks, I think you're right. I was too focused on the first 80% of the post talking a lot about checking if a user name existed, though the real question is but one sentence in the post, which made it easy to miss.

    For redirecting,
    PHP:
    header('Location: pagetoredirecto.php');
    For storing an error message there's a couple ways. I'd probably use the $_SESSION variable to hold such information.

    In order to do the checking on-page you would use AJAX to do the same kind of code you have here and have it let you know the name is taken. I'll leave it to you to hunt down all that code as it's a bit much to do here. I'd focus on that after you have the other part working nicely.
     
  5. MythicFrost thread starter macrumors 68040

    #5
    Alright, thanks guys, sorry about that :O you're right that was my primary question.

    I read in a tutorial posting the page to itself (signup.php, onsubmit="signup.php"), is that correct and then I show the errors?

    What's AJAX, and can it be disabled like javascript, because I don't want to build a website that might not work for some people.

    EDIT: OK, I googled AJAX, but what one of it should I use, Javascript or XML?

    Kind Regards
     
  6. angelwatt Moderator emeritus

    #6
    Having the page submit to itself is fine. I do the same with my contact page.

    For AJAX, you'll likely pass back plain text for this case as all you need to know is if the user name exists or not. Using AJAX would require the visitor to have JavaScript enabled, but you should be doing the user name check server side anyways, so those with JavaScript enabled will simply find out their desired user name is already taken. This would be considered a progressive enhancement.

    But for now don't worry about the AJAX, it can be added later once things are working.
     
  7. Cerebrus' Maw macrumors 6502

    Joined:
    Mar 9, 2008
    Location:
    Brisbane, Australia
    #7
    Just like to point out a quick thing here:

    onSubmit is a JavaScript event. If you want the page to post to itself via the form, you will be using the action attribute. Mostly, the onSubmit event is used for form validation (user has entered all fields, email is the correct format, name field has no numbers etc etc)

    I realize this might be "holding your hand" a bit, but just so you don't encounter this error down the road.
     
  8. MythicFrost thread starter macrumors 68040

    #8
    Great thanks, I've added your code:
    Code:
    $result = mysql_query("SELECT * FROM Users WHERE username = '$username';", $mysqlCon);
    I have 3 questions if ya don't mind, why is there a ';' semicolon at the end of the SQL statement (after the '$username' part),

    Why do you do mysql_real_escape_string?

    And also, how do I check if $result has found something?

    Can I do
    Code:
    if ($result.Length > 0)
    {
    }
    or something similar?

    EDIT: Thanks a lot Cerebrus, I actually meant Action not onsubmit, thanks though :)

    Kind Regards
     
  9. angelwatt Moderator emeritus

    #9
    In short, to protect from SQL-injection.

    See mysql_num_rows for checking if result has been found.
     
  10. Cerebrus' Maw macrumors 6502

    #10
    1. This could be a typo. The ; simply is where php executes a line (execute this), so it might not throw an error as it can be simply ignored. Not sure about this, as I do SQL statements a bit different, but it could be the same as writing
    Code:
    echo "test";;;;;;
    


    2. This escapes (IE Not parsed) certain characters from strings so that they do not get executed in your SQL statement. Protects you from SQL injection attacks. Always a good idea.

    3. If you are using a select statement, you can test a result by using:
    Code:
    if (mysql_num_rows($result) > 0)
    {
    	//there were rows found
    }
    else
    {
    	//no rows found
    }

    If you are using update, delete or insert, and are wondering if they executed, you can do

    Code:
    if ($result)
    {
    	//SQL executed
    }
    else
    {
    	//SQL did not execute
    }
    
     
  11. MythicFrost thread starter macrumors 68040

    #11
    Ah thanks, I see.

    Which one of these is correct?

    Code:
    $result = mysql_query("SELECT * FROM Users WHERE username = '$username';", $mysqlCon);
    
    $result = mysql_query("SELECT * FROM Users WHERE username = '%s';", $username, $mysqlCon);
    Kind Regards
     
  12. angelwatt Moderator emeritus

    #12
    The 1st. mysql_query only allows 1 or 2 arguments.
     
  13. MythicFrost thread starter macrumors 68040

    #13
    I see, so this is correct?

    Code:
    $result = sprintf(mysql_query("SELECT * FROM Users WHERE username = '%s';", $mysqlCon), $username);
    Kind Regards
     
  14. angelwatt Moderator emeritus

    #14
    Closer.

    PHP:
    $query = sprintf("SELECT * FROM Users WHERE username = '%s';", $username);
    $result = mysql_query($query);
    I don't recommend trying to combine them into a single statement. Go for readability.
     
  15. MythicFrost thread starter macrumors 68040

    #15
    Thanks a lot, I think I have it this time:

    PHP:
    $query = sprintf("SELECT * FROM Users WHERE username = '%s'", mysql_real_escape_string($username));
    $result = mysql_query($query, $mysqlCon);
    I didn't notice I was doing that LOL:eek:

    Kind Regards
     
  16. angelwatt Moderator emeritus

    #16
    Looks good to me.
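
Added example, not part of any post in this thread: the same username check written with a bound parameter instead of `sprintf` plus `mysql_real_escape_string` (the `mysql_*` functions used above were removed in PHP 7), with a UNIQUE constraint covering the gap between the check and the insert. Assumptions: PDO with an in-memory SQLite database stands in for the poster's MySQL server, and the table layout, `usernameTaken()` and `register()` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example. Assumed: PDO + SQLite in memory, hypothetical Users layout.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes the database the final arbiter when two signups race.
$db->exec('CREATE TABLE Users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    email TEXT NOT NULL)');

function usernameTaken(PDO $db, string $username): bool
{
    // The value is bound as data; it is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM Users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// Returns null on success, or the message to show on the signup form.
function register(PDO $db, string $username, string $password, string $email): ?string
{
    if (usernameTaken($db, $username)) {
        return 'That username is already taken.';
    }
    try {
        $stmt = $db->prepare(
            'INSERT INTO Users (username, password_hash, email) VALUES (?, ?, ?)');
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: constraint violation, another request won the race.
        if ((string) $e->getCode() === '23000') {
            return 'That username is already taken.';
        }
        throw $e;
    }
    return null;
}

// Constructed sample input: a new name, a duplicate, and a quote-laden name
// that is stored as a literal string rather than interpreted as SQL.
var_dump(register($db, 'frost', 'correct horse', 'f@example.test'));
var_dump(register($db, 'frost', 'another one', 'g@example.test'));
var_dump(register($db, "x' OR '1'='1", 'pw', 'h@example.test'));
var_dump(usernameTaken($db, "x' OR '1'='1"));
```

In signup.php a non-null return value would be stored in `$_SESSION` before the `header('Location: ...')` redirect from post #4, followed by `exit` so the rest of the script does not run.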
     