    $c_e = mysql_num_rows(mysql_query("SELECT id FROM users where name='".$_POST["name"]."'"));
    if ($c_e>0) {
        $errm .= "Логин занят"; // "Login is taken"
        $error = 1;
    }

Tell me what is the error?

  • And what is the error? Apart from the looming SQL injection, I did not see anything. - Costantino Rupert
  • ? what infection? - k0mar 4:34 pm
  • mysql_real_escape_string before the query, but in general I don't see any reason why the code could not be executed... What exactly does not work? - Zowie
  • @Prikol it wouldn't hurt to familiarize yourself with this topic: What vulnerabilities, besides SQL injection and XSS, are worth checking a site for? - angry

1 answer

Obviously bad form) Try this:

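    // mysql_escape_string() ignores the connection charset; mysql_real_escape_string() uses it.
    // The whole mysql_* extension was removed in PHP 7.0.
    $name = mysql_real_escape_string($_POST["name"]);
    $res = mysql_query("SELECT id FROM users where name='$name'");
    $c_e = mysql_num_rows($res);
    if ($c_e > 0) {
        $errm .= "Логин занят"; // "Login is taken"
        $error = 1;
    }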

PS "What kind of infection?" - ahahahahaha
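
The query pattern from the question next to a prepared-statement version, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver so it runs without a database server; the function names, table contents and inputs are constructed for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database via PDO,
// so the script runs offline. With MySQL the DSN and credentials change;
// the two functions stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE)");
$pdo->exec("INSERT INTO users (name) VALUES ('admin'), ('k0mar')");

// Same pattern as the question: the input is pasted into the SQL text,
// so quote characters in it become part of the statement.
function name_taken_concat(PDO $pdo, string $name): bool
{
    $sql = "SELECT id FROM users WHERE name='" . $name . "'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: the SQL text is fixed and the value is bound separately,
// so it is only ever compared as data.
function name_taken_prepared(PDO $pdo, string $name): bool
{
    $stmt = $pdo->prepare("SELECT id FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a free login, a taken login, a legitimate name with an
// apostrophe, and a value whose quotes rewrite the WHERE clause.
$inputs = ["newuser", "admin", "O'Brien", "nobody' OR '1'='1"];

foreach ($inputs as $name) {
    try {
        $concat = name_taken_concat($pdo, $name) ? 'taken' : 'free';
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the apostrophe broke the statement
    }
    $prepared = name_taken_prepared($pdo, $name) ? 'taken' : 'free';
    printf("%-20s concat: %-10s prepared: %s\n", $name, $concat, $prepared);
}
```

The two columns agree for the plain logins and differ for both inputs that contain a quote, which is the case the escaping in the answer and the bound parameter here are meant to handle.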