Case sensitivity and srttolower prepared statements..
Posted: Tue Oct 01, 2013 3:48 am
Hi all,
I made a function that shall check if a username has a certain length, should not begin with a number and shall check the current user db so that the username or email doesnt exist.
The problem is I allow (and want to allow) case sensitive usernames when I store them into the db but I dont want to allow another user having the same username where they use for example capital letters..
Like if a user is called Pelle i dont want another user to be able to register pelle or PELLE.
One solution would be to add a new column (userlow) in my db where i store the username in lowercase using the function strtolower and use that function in the code above to check against for example userlow but I dont want to add another coulmn.
So is it possible to in the code above convert $username to lowletters and then somehow check it against the stored value in the db converted to lowletters without to bind the result from the stored username to for example $db_username and then compare the two?
Thanks
I made a function that shall check if a username has a certain length, should not begin with a number and shall check the current user db so that the username or email doesnt exist.
The problem is I allow (and want to allow) case sensitive usernames when I store them into the db but I dont want to allow another user having the same username where they use for example capital letters..
Like if a user is called Pelle i dont want another user to be able to register pelle or PELLE.
Code: Select all
<?php
function verifyusername($username, $email, $mysqli) {
if (strlen($username) <3 || strlen($username) > 16){
//Kolla sa att anvandarnamnet ar mellan 3 och 16 bokstaver
echo 'Username should be 3 to 16 characters please';
exit();
} else {
//Kolla sa att anvandarnamnet inte borjar pa en siffra
if (is_numeric($username[0])) {
echo 'Usernames must begin with a letter';
exit();
} else {
//kontrollera username mot databasen
if($stmt=$mysqli->prepare("SELECT * FROM users WHERE username = ? LIMIT 1")) {
$stmt->bind_param('s', $username); // Bind "$username" to parameter (string).
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id); // get variables from result.
$stmt->fetch();
if($stmt->num_rows == 1) { // If the user exists
echo 'User already exists';
exit();
// return false;
} else {
//kontrollera emailadressen mot databasen
if($stmt=$mysqli->prepare("SELECT * FROM users WHERE email = ? LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id); // get variables from result.
$stmt->fetch();
if($stmt->num_rows == 1) { // If the user exists
echo 'Email already exists';
exit();
// return false;
}
return true;
}
return true;
}
return true;
}
return true;
}
return true;
}
return true;
}
?>So is it possible to in the code above convert $username to lowletters and then somehow check it against the stored value in the db converted to lowletters without to bind the result from the stored username to for example $db_username and then compare the two?
Thanks