sql primary_key不起作用?
[英]sql primary_key doesnt work?
问题描述
i am currently working on a registration script for my website, and i noticed that when i register i can resubmit the form over and over and i have no idea why nothing stops me. 
我目前正在为我的网站编写注册脚本,我注意到当我注册时,我可以一遍又一遍地重新提交表格,我不知道为什么没有什么阻止我。 i mean, here's the PHP script to use to see if a user already exsists: 我的意思是,这是用于查看用户是否已经存在的PHP脚本:
function user_exists($username) {
$query = mysql_query("SELECT username FROM users WHERE username='$username'");
if (mysql_num_rows($query) != 0){
return true;
}
else{
return false;
}
}
and heres the SQL code i used to create the table: 这是我用来创建表的SQL代码:
CREATE TABLE IF NOT EXISTS `users` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(32) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`password` varchar(128) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`email` varchar(1024) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
`active` int(11) NOT NULL DEFAULT '0',
`ip` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL DEFAULT '0.0.0.0',
`date` varchar(64) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=61 ;
so if anyone could help me with this, any help will be appriciated. 因此,如果有人可以帮助我,将提供任何帮助。
2 个解决方案
解决方案1
0 2014-02-19 00:24:23
this has nothing to do with answering your question, but everything to do with improving your ability to quickly write efficient & well written code: 这与回答您的问题无关,但与提高您快速编写高效且编写良好的代码的能力有关:
your way: 你的方式:
function user_exists($username) {
$query = mysql_query("SELECT username FROM users WHERE username='$username'");
if (mysql_num_rows($query) != 0){
return true;
}
else{
return false;
}
}
better written way: 更好的书面方式:
function user_exists($username) {
$query = mysql_query("SELECT username FROM users WHERE username='$username'");
if(mysql_num_rows($query) > 0) return true;
return false;
}
sql statement seems fine, as long as you are calling your function and testing it properly it should work. 只要您正在调用函数并对其进行正确测试,sql语句就可以正常工作。 although unless you are sanitizing your $username input before calling user_exists, you have a gaping security exploit right there ;) 尽管除非您在调用user_exists之前清理$ username输入,否则那里会有巨大的安全漏洞;)
解决方案2
0 2014-02-19 00:56:46
I see a couple of problems in your code snippet. 我在您的代码段中看到了几个问题。
1) The way that you are calling your user_exists() function, you are passing "true" as the username each time you call it. 1)调用user_exists()函数的方式是,每次调用时都将“ true”作为用户名传递。 You have... 你有...
if (user_exists($_POST['username'] == true)) {
$errors[] = "Username already registered.";
}
So the actual query you are running is... 因此,您正在运行的实际查询是...
SELECT username FROM users WHERE username='1';
Should be... 应该...
if (user_exists($_POST['username'])) {
$errors[] = "Username already registered.";
}
2) You are missing a parameter when you call mysql_query(). 2)调用mysql_query()时缺少参数。 There should be a second parameter with the connection. 连接中应该有第二个参数。
$query = mysql_query($"SELECT userName FROM csg.user WHERE userName='$username'",$con);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.