尝试使用PHP检查MySQL数据库中是否已存在用户名

Question

I've looked at the many other posts that were similar to my issue and implemented their solutions (as far as I can tell) as exactly as I could. 我已经查看过与我的问题类似的许多其他帖子，并尽可能地实现了他们的解决方案（据我所知）。 However, every time I execute this script, the code in the else block is executed (even when the username inputted is one that is already present). 但是，每次执行此脚本时，都会执行else块中的代码（即使输入的用户名是已存在的用户名）。

The table name is 'Users' and the column that I am trying to search is 'username'. 表名是“用户”，我要搜索的列是“用户名”。 The input from my form was read into $username and I verified that it was read in properly using echo . 我的表单中的输入被读入$username ，我验证它是使用echo正确读取的。 $con contains the connection to the server. $con包含与服务器的连接。

At some point I also put in echo $query (nothing was printed) and echo mysql_num_rows($query) (nothing was printed). 在某些时候我也放入echo $query （没有打印）和echo mysql_num_rows($query) （没有打印）。

Here's the relevant segment of the code. 这是代码的相关部分。 Would really appreciate some tips. 真的很感激一些提示。

$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);

  if (mysql_num_rows($query) != 0)
  {
      echo "Username already exists";
  }

  else
  {
    ...
  }

EDIT: Apparently I was supposed to be using mysqli for my server and the way I checked the num_rows for that was by doing $query->num_rows since it was a property of the object. 编辑：显然我应该使用mysqli为我的服务器和我检查num_rows的方式是通过执行$ query-> num_rows，因为它是对象的属性。 Thanks for all the help! 感谢您的帮助！

Answer 1

change your query to like. 将您的查询更改为喜欢。

$username = mysql_real_escape_string($username); // escape string before passing it to query.
$query = mysql_query("SELECT username FROM Users WHERE username='".$username."'");

However, MySQL is deprecated. 但是，MySQL已被弃用。 You should instead use MySQLi or PDO 您应该使用MySQLi或PDO

Answer 2

Try this: 试试这个：

$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")

Don't add $con to mysql_query() function. 不要将$con添加到mysql_query()函数中。

Disclaimer: using the username variable in the string passed to mysql_query , as shown above, is a trivial SQL injection attack vector in so far the username depends on parameters of the Web request (query string, headers, request body, etc), or otherwise parameters a malicious entity may control. 免责声明：在传递给mysql_query的字符串中使用username变量，如上所示，是一个简单的SQL注入攻击向量，到目前为止username依赖于Web请求的参数（查询字符串，标题，请求体等），或者其他恶意实体可能控制的参数。

Answer 3

~~$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")~~ ~~$ query = mysql_query（“SELECT username FROM Users WHERE username ='$ username'”）~~

Use prepared statements , do not use mysql as it is deprecated. 使用预准备语句 ，不要使用mysql，因为它已被弃用。

// check if name is taken already
$stmt = $link->prepare("SELECT username FROM users WHERE username = :username");
$stmt->execute([
    'username' => $username
]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (isset($user) && !empty($user)){
    // Username already taken
}

Answer 4

TRY THIS ONE 尝试这一个

 mysql_connect('localhost','dbuser','dbpass');

$query = "SELECT username FROM Users WHERE username='".$username."'";
mysql_select_db('dbname');

    $result=mysql_query($query);

   if (mysql_num_rows($query) != 0)
   {
     echo "Username already exists";
    }

    else
   {
     ...
    }

Answer 5

Everything is fine, just one mistake is there. 一切都很好，只有一个错误。 Change this: 改变这个：

$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
$query = mysql_query("SELECT Count(*) FROM Users WHERE username=$username, $con");

if (mysql_num_rows($query) != 0)
{
    echo "Username already exists";
}
else
{
  ...
}

SELECT * will not work, use with SELECT COUNT(*) . SELECT *不起作用，使用SELECT COUNT(*) 。

Answer 6

$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$pass = $_POST["password"];

$check_email = mysqli_query($conn, "SELECT Email FROM crud where Email = '$email' ");
if(mysqli_num_rows($check_email) > 0){
    echo('Email Already exists');
}
else{
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $result = mysqli_query($conn, "INSERT INTO crud (Firstname, Lastname, Email, Password) VALUES ('$firstname', '$lastname', '$email', '$pass')");
}
    echo('Record Entered Successfully');
}

Answer 7

Here's one that i wrote: 这是我写的一个：

$error = false;
$sql= "SELECT username FROM users WHERE username = '$username'";
$checkSQL = mysqli_query($db, $checkSQL);

if(mysqli_num_rows($checkSQL) != 0) {
   $error = true;
   echo '<span class="error">Username taken.</span>';
}

Works like a charm! 奇迹般有效！

Answer 8

Change this 改变这个

$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);

To 至

$query = mysql_query("SELECT username FROM Users WHERE username='$username'");

Answer 9

PHP 7改进了查询.........

$sql = mysqli_query($conn, "SELECT * from users WHERE user_uid = '$uid'"); if (mysqli_num_rows($sql) > 0) { echo 'Username taken.'; }

尝试使用PHP检查MySQL数据库中是否已存在用户名

问题描述

9 个解决方案

解决方案1
10 2013-11-30 05:09:21

解决方案2
3 2013-11-30 05:16:07

解决方案3
1 2018-12-07 18:27:46

解决方案4
-1 2014-09-09 13:03:02

解决方案5
-1 2015-08-25 06:54:42

解决方案6
-1 2017-04-20 14:57:00

解决方案7
-1 2017-09-12 04:02:39

解决方案8
-2 2013-11-30 05:11:49

解决方案9
-2 2017-11-17 17:11:17

尝试使用PHP检查MySQL数据库中是否已存在用户名

问题描述

9 个解决方案

解决方案1 10 2013-11-30 05:09:21

解决方案2 3 2013-11-30 05:16:07

解决方案3 1 2018-12-07 18:27:46

解决方案4 -1 2014-09-09 13:03:02

解决方案5 -1 2015-08-25 06:54:42

解决方案6 -1 2017-04-20 14:57:00

解决方案7 -1 2017-09-12 04:02:39

解决方案8 -2 2013-11-30 05:11:49

解决方案9 -2 2017-11-17 17:11:17

解决方案1
10 2013-11-30 05:09:21

解决方案2
3 2013-11-30 05:16:07

解决方案3
1 2018-12-07 18:27:46

解决方案4
-1 2014-09-09 13:03:02

解决方案5
-1 2015-08-25 06:54:42

解决方案6
-1 2017-04-20 14:57:00

解决方案7
-1 2017-09-12 04:02:39

解决方案8
-2 2013-11-30 05:11:49

解决方案9
-2 2017-11-17 17:11:17