Skip to main content

Validating and Inserting User Data in PHP/MySQL(i)


This tutorial is on how to take user input, check it against a database, and insert if it is not already present. This could be used for registration in terms of unique usernames.

First we need a database with one table. My database is called 'fln', table is called 'test', and it has two fields:
id, int, 5 length, primary key, auto increment.
username, varchar/string, 255 length

Next we need to make the PHP connection to our database, in mysqli we use the connect function which takes four parameters; the service server name for your MySQL service, username, password, and database name. Like so...

  1. <?php
  2. $con = mysqli_connect('localhost', 'root', '', 'fln'); //server, username, password, database name
  3. ?>

Ok. So now we can set up our user input. This is just going to be a simple one textbox and submit button form since the only column I have available in my database table and need for this tutorial's example is the username. My HTML form looks like so...

  1. <eadh>
  3. </head>
  4. <body>
  5. <form action='validation.php' method='POST'>
  6. Username: <input type='text' name='username' />
  7. <br/>
  8. <input type='submit' name='submit' value='Submit...' />
  9. </form>
  10. </body>
  11. </html>

The above form will send the data to the page I am currently editing, 'validation.php'. It is as a 'POST' method so that no one can edit it through the basic URL encoding.

PHP Data Validation:
Before we can do the validation, we first want to ensure (validate...) that the data is there. We do this by checking for post input of the variable name 'username', we set it to a variable if it is there...

  1. if (isSet($_POST['username']) && $_POST['username'] != '') {
  2. $user = $_POST['username'];
  3. }else
  4. echo 'No username input found. No post sent...';

Ok so now we have the user input username. Next we want to check whether the username already exists within our database table 'test'. We do this through a simple query statement selecting the rows containing the username...

  1. $checkQuery = mysqli_query($con, "SELECT * FROM `test` WHERE `username`='$user'");

We then count the amount of rows returned. If the rows returned is one (or more, although it shouldn't be more than one) we output that the username already exists, if no rows are returned we insert the username as a new row through a new 'insert' query statement and output accordingly...

  1. if (mysqli_num_rows($checkQuery) > 0) {
  2. echo 'That username already exists.';
  3. }else{
  4. $insertQuery = mysqli_query($con, "INSERT INTO `test` VALUES ('', '$user')");
  5. if ($insertQuery) {
  6. echo 'Inserted username successfully!';
  7. }else
  8. echo 'Failed to insert username although no rows previously existed...';
  9. }

Note; we insert a blank value followed the username because my first 'id' column is auto incrementing all by itself.


Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.


1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.