Simple $_POST validation question

If the condition doesn't match then redirect with an error message, for example:

<?php

session_start();

if($_POST['submit'])
{
    $db = /* connection to database */
    $stmt = $db->prepare("SELECT username FROM users WHERE username = ?");
    $stmt->execute(array($_POST['username']));
    $row = $stmt->fetch(PDO::FETCH_NUM);

    # if FALSE then the username does not exists
    if($row === false)
    {
        # continue the registration process
    }

    else
    {
        # redirect with error message
        $_SESSION['error'][] = 'Username already in use';
        header('Location: ' . $_SERVER['HTTP_REFERER']);
    }
}

And in your form page:

<?php
    # always on top of file
    session_start();

And below, in your page, you display the errors:

<?php
    if($_SESSION['error'])
    {
        foreach($_SESSION['error'] as $err)
        {
            echo "<p>{$err}</p>";
        }

        # unset error messages
        $_SESSION['error'] = null;
    }
?>

Then it's up to you when validate the other submitted data (before or after verifying the username), but you should never rely on javascript, even using AJAX: it can be disabled.

you can use ajax to prevent submission : disable the submit button when ajax returns an error, enable submission when ajax confirms error corrected

.

but clientside validation, isnt, it just helps a little

Right. I understand the logic. What I dont understand is what is keeping php from posting to a database when it is already in the $_POST function.

cereal's answer above demonstrates a short code version

check if username exists,
submit if not exist,
return to referring page if username exists
the error message 'username already exists' will be available to the script when the page returns to the form

some tweaking to match your site code, it is a functional example

Let me first apoligize. Maybe I'm not asking my question correctly. I know that code works, I've been using one similar to it and it work perfectly. I come from a c++ background and I'm not use to a function just doing something without being specifically told to. So when I think of someone clicking the submit button I'm assuming the data is going to submit not matter what is inside because the submit function has been invoked.

php code is executed onload, unless explicitly coded as a function for later call
function name([variable list]) { code }
cereal's sample,
and yours,(not meant as disparagement)
will execute,
and return a result,
not always the expected result
but a result

the submit button submits the form as, name:value pairs, to the formhandler described in action='filename'
the formhandler then uses its code to validate, sanitise, & decide whether to
submit to the database, or
return for correction, or
discard the submission,
however coded by the developer.
Nothing is predetermined by language constructs

submission of incomplete or incorrect forms to the database, is always a bug in the handler script
some value not checked, within range, already in use, etc
to Stop the user submitting the form when an error is reported, is easy, disable submission until all fields are correctly filled, you are using ajax so its easy
Start with the submit button disabled
<input id='subm' type='submit' disabled='disabled'>

to stop unreported errors being submitted (there is always the chance, however small, of two users posting to the db at the same time) validate again in the form handler, and return