PHP MySql-检查值是否存在
[英]PHP MySql - Check if value exists
问题描述
Need to check if both the EMAIL_ADDRESS and ACTIVATION_CODE exist within a MySql Table, if so return "Code is valid" ,else "Code is NOT valid" . 
需要检查MySql表中是否同时存在EMAIL_ADDRESS和ACTIVATION_CODE ,如果返回,则返回"Code is valid" ,否则返回"Code is valid" "Code is NOT valid" 。
At present it's always returning code not valid, however I've checked the record in the table and the queried code does exist. 目前,它总是返回无效的代码,但是我检查了表中的记录,并且所查询的代码确实存在。
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
if (mysql_fetch_row($result)) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
1 个解决方案
解决方案1
3 2014-04-13 03:08:04
But this code is not secure: 但是此代码并不安全:
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
if (mysql_num_rows($result) > 0) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
To secure and prevent SQL Injection: 为了保护和防止SQL注入:
$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);
Please note: 请注意:
http://ca1.php.net/mysql_real_escape_string http://ca1.php.net/mysql_real_escape_string
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future.
mysqli_real_escape_string() PDO::quote()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.