检查数据库中是否已存在用户名和电子邮件[重复]

【问题标题】:check if username and email already exists in database [duplicate]检查数据库中是否已存在用户名和电子邮件[重复]
【发布时间】:2019-03-25 03:57:02
【问题描述】:

我刚开始使用 php,如果您键入已经存在的用户名或密码,我尝试创建系统以拒绝“创建帐户”。谢谢,抱歉我的英语不好。 我已经尝试过了。不工作:link

这是我的 php:

<?php
session_start();

$db = mysqli_connect("localhost", "root", "", "itsnikola");

if (isset($_POST['register_btn'])) {
    $name = mysqli_real_escape_string($db, $_POST['name']);
    $lastname = mysqli_real_escape_string($db, $_POST['lastname']);
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $email=mysqli_real_escape_string($db, $_POST['email']);
    $password=mysqli_real_escape_string($db, $_POST['password']);
    $password2=mysqli_real_escape_string($db, $_POST['password2']);

    if ($password == $password2) {
        session_start();
        $password = ($password);
        $sql="select * from account_info where (username='$username' or email='$email')";

        if (mysqli_num_rows($res) > 0) {
          $row = mysqli_fetch_assoc($res);
          if ($username==$row['username'])
          {
              $_SESSION['message'] = "Username je vec registrovan";
          }
          else($email==$row['email']){
              $_SESSION['message'] = "Email je vec registrovan"
          }
       else
        {
        $sql = "INSERT INTO users(name, lastname, username, email, password) VALUES('$name' , '$lastname' , '$username' , '$email' , '$password')";
        mysqli_query($db, $sql);
        $_SESSION['message'] = "Sada si ulogovan";
        $_SESSION['message'] = $username;
        header("location:login.php");
    }else {
        $_SESSION['message'] = "Ne podudaraju se lozinke!";
    }
}
?>

【问题讨论】:

  • 如果您能准确解释什么是不工作的——错误信息?没有插入数据库?未检测到重复?等

标签: php mysql validation email


【解决方案1】:

您在此行之前错过了非常重要的一行 if (mysqli_num_rows($res) &gt; 0)

$sql="select * from account_info where username='$username' or email='$email' ";

$res = mysqli_query($db, $sql); // you're missing this line to query by $sql 

if (mysqli_num_rows($res) > 0) {
// you're other code goes here 
}

【讨论】:

    【解决方案2】:

    首先session_start()被调用了2次。
    去掉if ($password == $password2) {里面的重复调用
    您的代码还缺少 ; 和一些 }(用于正确关闭您的 if 条件)

    现在的解决方案:
    在处理数据库查询的结果之前,您需要连接到数据库并执行适当的 SQL 命令,然后您才会得到您想要的结果。您的代码缺少此过程。
    在下面的代码中检查我的 cmets↓,然后在更正的代码中再次检查

    if ($password == $password2) {
        session_start(); // remove this repeated call
        $password = ($password);
        $sql="select * from account_info where (username='$username' or email='$email')";
        if (mysqli_num_rows($res) > 0) { // $res isn't defined
          $row = mysqli_fetch_assoc($res);
          if ($username==$row['username'])
          {
              $_SESSION['message'] = "Username je vec registrovan";
          }
          else($email==$row['email']){  // `else` doesn't work this way, use `elseif`
              $_SESSION['message'] = "Email je vec registrovan"  // ; missing
          }


    更正的代码

    if (isset($_POST['register_btn'])) {
    $name      = mysqli_real_escape_string($db, $_POST['name']);
    $lastname  = mysqli_real_escape_string($db, $_POST['lastname']);
    $username  = mysqli_real_escape_string($db, $_POST['username']);
    $email     = mysqli_real_escape_string($db, $_POST['email']);
    $password  = mysqli_real_escape_string($db, $_POST['password']);
    $password2 = mysqli_real_escape_string($db, $_POST['password2']);

    if ($password == $password2) {
        $password = ($password);
        $sql      = "SELECT * FROM users WHERE (username='$username' OR email='$email')";
        $res      = mysqli_query($db, $sql); // you were calling $res but it wasn't defined; this connects to the DB and executes SQL and then assigns the result
        if (mysqli_num_rows($res) > 0) {
            $row = mysqli_fetch_assoc($res);
            if ($username == $row['username']) {
                $_SESSION['message'] = "Username je vec registrovan";
            } elseif ($email == $row['email']) {  // changed `else` to `elseif` to include the condition, `else` doesn't accept conditional checks
                $_SESSION['message'] = "Email je vec registrovan";  // added ;
            }
        } else {
            $sql = "INSERT INTO users (name, lastname, username, email, password) VALUES ('$name', '$lastname', '$username', '$email', '$password')";
            if (mysqli_query($db, $sql)) {
                // New record inserted
                $_SESSION['message'] = "Sada si ulogovan";
                $_SESSION['message'] = $username;
                header("location: login.php");
            } else {
                echo("Error: " . mysqli_error($db));
            }
        }
    } // required to close the password checking condition
    else {
        $_SESSION['message'] = "Ne podudaraju se lozinke!";
    }
}

    建议:

    1. 使用准备好的语句而不是直接将用户提供的输入传递到 SQL
      (关键,您当前的代码容易受到 SQL 注入的攻击)
    2. 使用支持 PHP 并提供语法高亮的 IDE(Atom、Visual Studio Code、PhpStorm 等)

    【讨论】:

      【解决方案3】:

      我试过了

      <?php
session_start();

$db = mysqli_connect("localhost", "root", "", "itsnikola");
if (isset($_POST['register_btn'])) {
    $name      = mysqli_real_escape_string($db, $_POST['name']);
    $lastname  = mysqli_real_escape_string($db, $_POST['lastname']);
    $username  = mysqli_real_escape_string($db, $_POST['username']);
    $email     = mysqli_real_escape_string($db, $_POST['email']);
    $password  = mysqli_real_escape_string($db, $_POST['password']);
    $password2 = mysqli_real_escape_string($db, $_POST['password2']);

    if ($password == $password2) {
        $password = ($password);
        $sql      = "select * from account_info where (username='$username' or email='$email')";
        $res      = mysqli_query($db, $sql); // you were calling $res but it wasn't defined; this connects to the DB and executes SQL and then assigns the result
        if (mysqli_num_rows($res) > 0) {
            $row = mysqli_fetch_assoc($res);
            if ($username == $row['username']) {
                $_SESSION['message'] = "Username je vec registrovan";
            } elseif ($email == $row['email']) {  // changed `else` to `elseif` to include the condition, `else` doesn't accept conditional checks
                $_SESSION['message'] = "Email je vec registrovan";  // added ;
            } else {
                $sql = "INSERT INTO users(name, lastname, username, email, password) VALUES('$name' , '$lastname' , '$username' , '$email' , '$password')";
                mysqli_query($db, $sql);
                $_SESSION['message'] = "Sada si ulogovan";
                $_SESSION['message'] = $username;
                header("location:login.php");
            }
        } // required to close `if (mysqli_num_rows($res) > 0)`
    } // required to close the password checking condition
    else {
        $_SESSION['message'] = "Ne podudaraju se lozinke!";
    }
}
?>

      但不工作错误代码:

      警告:mysqli_num_rows() 期望参数 1 为 mysqli_result, 第 17 行 Z:\Programs\XAMPP\htdocs\register.php 中给出的布尔值

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2014-03-15
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2014-05-10
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode