i have this problem for checking for duplicate username in database. this error appear whether the username is duplicate and does not duplicate. Please help.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean in

<?php
include_once 'db/db.php';
include_once 'admin-class.php';
$admin = new itg_admin();


if(isset($_POST['Submit']))
{
    $con = mysql_connect("localhost","username","password","tablename");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  } 
    //---Encrypt ---//
    $confirmcode=md5(uniqid(rand()));
    $password=md5($_POST['password']);

    //---Insert value to table---//
    mysql_select_db( 'tablename' );

    $getduplicates = mysql_query("SELECT * FROM users WHERE username =$_POST[username]");
    $duplicates = mysql_num_rows($getduplicates);

 if($duplicates){
     echo "Username has been used.Please choose another username";
     ?>
        <script type="text/javascript">
        alert("Username has been used.Please choose another username");
        setTimeout('location.replace("registration.php")', 500);
    </script>

<?php
 }
 else {
     $sql = "INSERT INTO users(username,password,email,birthday,confirmcode)
    VALUES ('$_POST[username]','$password','$_POST[email]','$_POST[birthday]','$confirmcode')";
 }

    if(mysql_query($sql)){
     //----Send Comfirm Email----//
    $to = $_POST['email'];
    $subject = "Action Required to Activate Membership for Charity Techno Parts";
    $header = "From : Joey <joeyliew7@hotmail.com>";
    $message = "Thank you for your registering with us. \r\n" . "Click on the confirmation code link below to active            your account. \r\n" . 
                "http://stuweb.cms.gre.ac.uk/~lh026/webstore/confirmreg.php?confirmcode=$confirmcode" ;

    $sentmail = mail($to,$subject,$message,$header);
 }
 else {
     die('Error: ' . mysql_error());
 }

    if($sentmail)
    {
        ?>
        <script type="text/javascript">
        alert("Email is sent. You will be directeed to homepage");
        setTimeout('location.replace("index.php")', 500);
    </script>

<?php

    }
    else{
         die('Error: ' . mysql_error());
    }
}
mysql_close($con);
?>

boolean in line 22. what must be change to the code to make it work?

should

"SELECT * FROM users WHERE username =$_POST[username]"

be sprintf("SELECT * FROM users WHERE username = \"%s\"",$POST['username']);

with proper escape thingys whatever?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.