mysql - PHP exception handling after SQL insert -

-

i creating simple registration form in php, when user tries register there popup javascript alert succes or fail message.

now want catch sql exception show if username or email excists in database instead of standard fail message.

this code have far:

if(isset($_post['btn-signup'])) {   $uname = mysql_real_escape_string($_post['uname']);   $email = mysql_real_escape_string($_post['email']);   $upass = md5(mysql_real_escape_string($_post['pass']));    if(mysql_query("insert user(username,password,email) values('$uname','$upass','$email')")) { ?>     <script>alert('successfully registered ');</script> <?php } else{ ?>     <script>alert('error while registering you...');</script> <?php  } } ?>

how can check if email or username excists in database? both variable's unique in database.

from comments:

i don't want 2 queries while database can return exception me. if there 10 million records in table, don't want check them before inserting new one.

ok, have 1 query insert , check unique? have insert on unique_index mysql column, can catch these sort of exceptions following style of answer shameless stolen answer this question:

in case of answer we'll assume you're using pdo, because should. please read it. 

// pre-setup database connection somewhere, include (or class) $link = new pdo("mysql:host=$dbhost;dbname=$dbname",$dbusername,$dbpassword); // pdo needs set in exception mode: $link->setattribute( pdo::attr_errmode, pdo::errmode_exception );  //input processing functions. // (entirely optional) $uname = mycleanerfunction($_post['uname']); $email = mycleanerfunction($_post['email']); //please see note below re:md5 //$upass = md5($_post['pass']);  $options['cost'] = 12; $upass = password_hash($_post['pass'],password_bcrypt,$options);  //now reach code part:     try {         //pdo query execution goes here:           $statement = $link->prepare("insert user(username,password,email) values(:uname, :email, :pass)"));          $statement->bindvalue(":uname", $uname);          $statement->bindvalue(":email", $email);          $statement->bindvalue(":pass", $upass);          $statement->execute();          //reaching here ok!      }     catch (\pdoexception $e) {         if ($e->errorinfo[1] == 1062) {             // insert query failed due key constraint violation.             // means failed because primary key              // (the email) appears in database table.         }         if($e->errorinfo[1] == 9999){           // possible other if clauses other errors in insert.         }     }

you read catching , outputting pdo errors. mysql unique key constraints.

  • also useful alternative viewpoint should not catch pdo exceptions.

  • also please note md5 extremely weak hash storing passwords , php password_hash function much preferred way of doing it.

  • please use prepared statements mysql interactions, layout above rough guide how , similar mysqli , pdo. prepared statements go long way towards securing data malicious user input.


Comments

Post a Comment

Popular posts from this blog

java - Static nested class instance -

-
this question has answer here: java inner class , static nested class 23 answers i came across in java, know static nested class why create instance of 'static'. isn't whole idea of 'static' use without instance? understand concept of inner classes, why (and frankly how possible to) create 'instance' of 'static' member @ ? why this: 1- outerclass.staticnestedclass nestedobject = new outerclass.staticnestedclass(); 2- nestedobject.anestedclassmethod(); and not this: 1- outerclass outerinstance=new outerclass(); 2- outerinstance.staticnestedclass.anestedclassmethod(); use on inner classes, keyword static indicates can access inner class without instance of outer class. for example: public class outer { public static class inner { /* code here. */ } } with construction, can create instance of inn
Read more

c# - Bluetooth LE CanUpdate Characteristic property -

-
i building xamarin.forms cross platform mobile app, uses monkey.robotics bluetoth low energy functionality. connecting mbed based implimentation of custom gatt service . in xamarin c#, triggers characteristic. canupdate property in monkey.robotics? this standard example c# based on: if (characteristic.canupdate) { characteristic.valueupdated += (s, e) => { debug.writeline("characteristic.valueupdated"); device.begininvokeonmainthread( () => { updatedisplay(characteristic); }); isbusy = false; // spin until first result received }; isbusy = true; characteristic.startupdates(); } this has been working, since changed own custom gatt service connecting to, canupdate property false. property , how triggered? me debugging gatt service code. thanks monkey.robotics open sour
Read more

JavaScript - Replace variable from string in all occurrences -

-
ok, know if have character '-' , want remove in places in string javascript, ... someword = someword.replace(/-/g, ''); but, when applying array of characters, s not working ... const badchars = ('\/:*?"<>|').split(''); let filename = title.replace(/ /g, '-').tolocalelowercase(); (let item = 0; item < badchars.length; item++) { // below not work global '/ /g' filename = filename.replace(/badchars[item]/g, ''); } any ideas? /badchars[item]/g looks badchars , literally, followed i , t , e , or m . if you're trying use character badchars[item] , you'll need use regexp constructor, , you'll need escape regex-specific characters. escaping regular expression has been well-covered . using that: filename = filename.replace(new regexp(regexp.quote(badchars[item]), 'g'), ''); but , don't want that. want character class: let filename = title.replac
Read more