0

So I have this code:

$query = "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER($name)";
$result = mysql_query($query);
list($count) = mysql_fetch_row($result);
if($count >= 1) { 
echo 'Username already exists; }

and for some reason when I test it on my wamp server I get back: "Warning: mysql_fetch_row() expects parameter 1 to be resource, boolean given in..." but it gets the job done! User is registered. I know you must first do the query and then fetch rows but I did that! So what is the problem :/

future_man
  • 5
  • 4

2 Answers2

0

If $name is a literal, you probably need to quote it in the SQL:

$query = "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('$name')";

You should also make sure it doesn't contain any unescaped quotes (see previous comment about bobby-tables ...)

Steve Shipway
  • 3,482
  • 1
  • 19
  • 39
0

Your SQL query probably has a syntax error. Do this:

$sname = mysql_real_escape_string($name);
$query = "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('$sname')";

echo $query;


if (($result = mysql_query($query)) == false) {
  die(mysql_error);
}
list($count) = mysql_fetch_row($result);
if($count >= 1) { 
  echo 'Username already exists; }

And of course: you should be using mysqli or PDO as mysql is deprecated.

  • thanks for your response however mysqli doesn't work for me for some reason, I have to go and work on that. However I have a question, do I have to escape my string (mysql_real_escape_string($name)) before $query = "SELECT .... ? – future_man Jul 05 '13 at 02:17
  • or do I write it like this: $query = "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER(mysql_real_escape_string($name))"; – future_man Jul 05 '13 at 02:18
  • Actually, the clearest answer is probably `$sname = mysql_real_escape_string(strtoupper($name));` and change the WHERE clause to`WHERE UPPER(username) = '$sname'`, but it probably doesn't matter much. –  Jul 05 '13 at 02:26
  • yea I could also wrote it like this, thanks – future_man Jul 05 '13 at 02:33