检查重复的用户帐户和电子邮件地址
问题描述:
我想检查一下用户名或电子邮件地址是否已经存在于我的数据库中。我目前可以连接到我的数据库并从注册表单中检索数据。但是,我的SQL语句无法检查我的数据库以查看用户是否存在。任何帮助表示赞赏,谢谢。检查重复的用户帐户和电子邮件地址
<?php
require 'database.php';
$conn = Connect();
if ($conn == true){
echo "Successfully connected to database. <br><br>";}
$username = $_POST['screenname'];
$password = $_POST['password'];
$email = $_POST['email'];
echo "$username<br>"; //just checkin if it can grab data
echo "$password<br>";
echo "$email<br>";
$sql=mysql_query("SELECT * FROM users WHERE screenname = '$username'");
if(mysql_num_rows($sql)>=1)
{
echo "Username already exists";
}
else
{
//insert query goes here
}
$sql2=mysql_query("SELECT * FROM users WHERE email = '$email'");
if(mysql_num_rows($sql2)>=1)
{
echo "Email already exists";
}
else
{
//insert query
}
?>
答
逻辑,编程和安全性(SQL注入攻击)的错误修正:
<?php
require 'database.php';
$conn = Connect();
if ($conn == true){
echo "Successfully connected to database. <br><br>";
}
$username = $_POST['screenname'];
$password = $_POST['password'];
$email = $_POST['email'];
echo "$username<br>"; //just checkin if it can grab data
echo "$password<br>";
echo "$email<br>";
$sql= sprintf("SELECT * FROM users WHERE screenname='%s' OR email='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string($email)
);
if(mysql_num_rows($sql)>=1)
{
echo "Username or e-mail already exists";
}
else
{
//insert query goes here
}
+0
你也应该学习对象编程,2017年!使用对象PHP的MySQL连接:PDO! https://www.w3schools.com/PhP/php_mysql_connect.asp – JerzySBG
看起来不错,哪些部分不工作? – LordNeo
多数民众赞成多数民众认为,我也认为,当我输入相同的用户名注册它不会打,如果语句和回声如果用户名存在..它只是什么都不做。 – Gillky
如果你愿意,你可以首先回显'mysql_num_rows'的结果,检查它是否显示你真正期望的内容 – Swellar