Unexpected elseif in simple form validation

Question

I just made a signup form and I encountered a problem when I added the final validations (the MySQL ones).

This is the error that I get: Parse error: syntax error, unexpected 'elseif' (T_ELSEIF) in C:\xampp\htdocs\Signup\includes\signup.php on line 72

Row 72 has been marked to help you figure it out.

else
        {
            require_once("db_connect.php");

            // Email validation
            $query_email="SELECT email FROM users WHERE email='$email'";
            $result_email=mysql_query($query_email) or die (mysql_error());
            if (mysql_num_rows($result_email)>0)
            {
                echo "You already have an account registered on this email.";
            }

            // Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            elseif (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

            // Add new user to database
            else
            {
                $query="INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
                mysql_query($query) or die (mysql_error());
                echo "User created!";
            }

        }

If I comment everything between // Username validation and // Add new user to database everything works OK (except for the fact that I don't have a username validation).

In case you wonder what $username is:

$username = mysql_real_escape_string($_POST['username']);

I've read some of the questions on SO about unexpected elseif but I just don't get it in my case. The brackets seem alright and elseif is supplied with a condition. Please let me know before downrating so I can edit my question. Thanks!

Answer 1

change this:

// Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            elseif (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

to this:

// Username validation
            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());
            if (mysql_num_rows($result_username)>0) /* !!! ROW 72 !!! */
            {
                echo "Username already registered. Pick something else";
            }

It is unexpected because else if is an else conditional to an initial if conditional, sequentially joined by the curly braces in standard format. Your example code here has no initial if conditional.

Your last else statement will need some other kind of check to determine if insert is necessary.

Here is an alternative:

// Email validation
            $query_email="SELECT * FROM users WHERE email='$email' OR username='$username'";
            $result_email=mysql_query($query_email) or die (mysql_error());
            if (mysql_num_rows($result_email)>0)
            {
                echo "There is already an account registered on this email or that username is already taken.";
            }
            else
            {
                // Add new user to database
                $query="INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
                mysql_query($query) or die (mysql_error());
                echo "User created!";
            }

Also, please note that you need to sanitize this input. I don't know what you're currently doing to ensure $username or $email are not hijack attempts. In addition, mysql_ functions are deprecated. Switch to PDO or mysqli and use prepared statements to sanitize input.