[英]Check if username or email is taken - PHP
I am trying to check if the email or password is taken. 我正在尝试检查是否已使用电子邮件或密码。 When I type in a taken username, it says username taken, if I type in a taken email, it says email taken but if I type a taken Email AND Username, it says "Good" instead of "Username and email taken."
当我输入一个接受的用户名时,它表示用户名已接受,如果我输入一个接受的电子邮件,则表明电子邮件已接受,但是如果我输入一个接受的电子邮件和用户名,则显示为“好”,而不是“用户名和电子邮件已接受”。 Does anyone know why it isn't working?
有谁知道为什么它不起作用?
$userSql = "SELECT * FROM members WHERE username='$username'";
$emailSql = "SELECT * FROM members WHERE email='$email'";
$result = mysql_query($userSql);
$result2 = mysql_query($emailSql);
$count = mysql_num_rows($result);
$count2 = mysql_num_rows($result2);
if (!empty($first_name) && !empty($last_name) && !empty($email) && !empty($username) && !empty($password)) {
if ($count != 1) {
echo "<p style=\"color: red\">Email taken, try another. You may already have an account</p>";
}
else if ($count2 != 1) {
echo "<p style=\"color: red\">Username taken, try another. You may already have an account</p>";
}
else if ($count != 1 && $count2 != 1) {
echo "<p style=\"color: red\">Username and email taken, try another. You may already have an account</p>";
}
else {
echo "<p>Good</p>";
}
It's really frustation because I have no idea why it wouldn't work. 真的很沮丧,因为我不知道为什么它不起作用。
What you should do is set a constraint in your database for unique usernames and e-mail addresses . 您应该做的是在数据库中为唯一的用户名和电子邮件地址设置一个约束 。 Then, try to do an insert and catch the exception when it fails.
然后,尝试插入并在异常失败时捕获异常。 Otherwise, you could have a condition where nearly simultaneous users try to register at the same time, and between your SELECT and INSERT statements, the username or e-mail address might be used by someone else.
否则,您可能会遇到以下情况:几乎同时使用的用户尝试同时注册,并且在SELECT和INSERT语句之间,其他人可能会使用用户名或电子邮件地址。
ALTER TABLE `members` ADD UNIQUE INDEX `email` (`email`);
You also have a real serious problem with SQL injection. SQL注入也有一个严重的问题。 Never concatenate data directly into a query, or you risk having the data getting confused with the command.
切勿将数据直接串联到查询中,否则您有使数据与命令混淆的风险。 The data must be escaped.
数据必须转义。 The proper way to handle this is with prepared/parameterized queries which are available with PDO.
处理此问题的正确方法是使用PDO 提供的准备好的/参数化的查询 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.