Cannot register the new user if the table is empty

StackOverflow https://stackoverflow.com/questions/14059350

  •  12-12-2021
  •  | 
  •  

Question 

$query = "SELECT username, email
              FROM members
              WHERE username = :username OR email = :email";
    $stmt = $sql->prepare($query);
    $stmt->execute(array(
        ':username' => $_POST['username'],
        ':email' => $email
    ));

    $existing = $stmt->fetchObject();

    if ($existing)
    {
        if ($existing->username == $_POST['username'])
        {
            $errors['username'] = "Username already in use !";
        }
        if ($existing->email == $email)
        {
            $errors['email'] = "Mail already in use !";
        }
    }

This is the part of register.php file. Not sure that just this part is responsible for the problem, but I suppose.
So, if table members is empty, and form is submitted - Firefox shows it's busy-gif about a half minute, but ends without registering new user, and without showing any error. Just keep freezing.
Then i press F5 - a window to approve resend information appears - click Resend - and the new user is registered.
If the tablemembersis not empty - everything works normally.
It seems - problem is because the code above is busy to find non-existing data.
If so, how to tell something like - if the table is empty - stop trying - just register the new user.

Was it helpful?

Solution

I'm pretty sure $existing = $stmt->fetchObject(); is fetching you an empty object, but one that does not implicitly evaluate to false. After that there's nothing in your code that would trigger, leading to your blank output.

Try a var_dump($existing) to see what your code is actually operating on.

edit

$existing = $stmt->fetchObject(); //this might be returning an empty object

if ($existing) { //empty objects evaluate to true
    if ($existing->username == $_POST['username']) {
        $errors['username'] = "Username already in use !";
    } else if ($existing->email == $email) {
        $errors['email'] = "Mail already in use !";
    } else {
        //this will trigger if something ELSE is wrong other than what you're explicitly checking for.
        $errors['other'] = "Something else is wrong.\n" . var_export($existing, TRUE);
    }
}

OTHER TIPS

It should be noted that it is generally a bad idea from a security standpoint to confirm to a would-be attacker that a username or email address exists in your system. This presumably would give them half of the information needed to execute a dictionary attack on your login.

I would make the the username and email fields in your table have unique indexes, and just go straight to the insert. If the insert fails because one of the uniqueness constraints doesn't allow it, just give the user a generic message about not being able to register.

This will also happen to save you a lot of unnecessary queries against the database.

Should $email be $_POST['email']? And what is the full code - you don't have a closing if brace here. In that case, everything after would only execute if $existing is true. So the first time, nothing would be displayed. Also, it's better to use database constraints to ensure no duplicates like MySQL - Meaning of "PRIMARY KEY", "UNIQUE KEY" and "KEY" when used together while creating a table

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top