OK, first, is that really what you want to do, any time anybody submits
anything that doesn't match a username already in the database, insert a new record?? Someone could fill up your database with junk, and any time someone makes a typo when they enter their username, you create a new record? Doesn't sound like a good plan to me. Ordinarily, you would check to see if there's a match and if there's not, redirect to a page that asks the user if they want to open a new account.
Then, you have several critical omissions in your query code. Your variable $dbunames is not a simple variable, it is a "resource", which means that your code must either
fetch rows from the resource and then examine the row array to get to the data itself, or you can check the number of rows returned in the resource to know whether or not there was a match. It must look something like this:
Code: Select all
$dbunames = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($dbunames) > 0)
{
// there was a match, so redirect to the authorized page, or whatever
} else {
// there was no match, so redirect to another page,
// determine whether the user wants to open a new account, if so,
// THEN proceed with your insertion
}
Then you are using
raw input from the html form as input to your database, a highly dangerous practice. I could enter some simple code into the "name" or "password" form input and gain access to all your data or delete all your data! There's a lot written about this "SQL injection" -- Google that term. You must
always screen or "cleanse" input from html forms.