Check username against one in database?

[afish674]

i'm trying to compare a user inputted username to one already in my database so I can see if the name is taken. I don't understand why my query isn't working or understand why $pdo->query($chkUsr); returns either false or the query string itself when it should display the RESULT of the query?

<?php} else{$username = $_POST['username'];$password = $_POST['password']; if (empty($username)){  die ('ERROR: Please enter your username!');  }if (empty($password)){  die('ERROR: Please enter your password!');} $username = makeSafe($username); try{  $pdo = new PDO("mysql:dbname=birthdays; host=localhost","root","mypassword!");}catch (PDOException $e){  die ("ERROR: Could not connect: " . $e->getMessage());} $chkUsr = "SELECT COUNT(*) FROM login WHERE username=$username";$result = $pdo->query($chkUsr);var_dump($result);if($pdo->query($chkUsr) = $username){  die('ERROR: This username is already taken!');}unset($pdo);}?>

Edited September 14, 2012 by afish674

[JamesB]

try putting single quotes around $username in the query

[niche]

Also, use die(mysql_error()) for more verbose error reporting.

[afish674]

Thanks for your replies.

try putting single quotes around $username in the query

This makes my $result variable return the SQL statement rather than false, which is a step in the right direction. But I want it to be the result of the query, so then I can test this against the form input username in the next conditional statement. How would I do this? I thought that

$chkUsr = "SELECT COUNT(*) FROM login WHERE username='$username'";$result = $pdo->query($chkUsr);

I thought that $result should now contain the result of "$pdo->query($chkUsr)" ?

Also, use die(mysql_error()) for more verbose error reporting.

Use this instead of the error messages I'm using at the moment? Ideally later on I'm going to remove the die() statements and use some better error reporting that won't terminate the script, Just using them as placeholders at the moment. In cases where I genuinly don't know whats happened then I'll deffo use this. Thanks. Edited September 17, 2012 by afish674

[JamesB]

I thought that

$chkUsr = "SELECT COUNT(*) FROM login WHERE username='$username'";$result = $pdo->query($chkUsr);

I thought that $result should now contain the result of "$pdo->query($chkUsr)" ?

from the PHP manual:"PDO::query() returns a PDOStatement object, or FALSE on failure." http://php.net/manual/en/pdo.query.php in your first post where you've got:

if($pdo->query($chkUsr) = $username){

that should be using 2 equal signs, as its a comparison not an assignment. but if you're wanting to check if a username exists, based on your existing query, you can check if the COUNT(*) gives anything but 0:

$chkUsr = "SELECT COUNT(*) FROM login WHERE username='$username'";$result = $pdo->query($chkUsr); $row = $result->fetch(PDO::FETCH_NUM);if($row[0] != 0){   die('ERROR: This username is already taken!');}

[Ingolme]

I don't think PDO uses mysql_error(). Have you checked the documentation for the PDO library on the PHP manual? I'm not familiar with it, but I would check to see where query results are given.