检查是否使用了用户名或电子邮件-PHP

Question

I am trying to check if the email or password is taken. When I type in a taken username, it says username taken, if I type in a taken email, it says email taken but if I type a taken Email AND Username, it says "Good" instead of "Username and email taken." Does anyone know why it isn't working?

    $userSql = "SELECT * FROM members WHERE username='$username'";
    $emailSql = "SELECT * FROM members WHERE email='$email'";
    $result = mysql_query($userSql);
    $result2 = mysql_query($emailSql);

    $count = mysql_num_rows($result);
    $count2 = mysql_num_rows($result2);

    if (!empty($first_name) && !empty($last_name) && !empty($email) && !empty($username) && !empty($password)) {
    if ($count != 1) {
        echo "<p style=\"color: red\">Email taken, try another. You may already have an account</p>";
    }
    else if ($count2 != 1) {
        echo "<p style=\"color: red\">Username taken, try another. You may already have an account</p>";
    }
    else if ($count != 1 && $count2 != 1) {
        echo "<p style=\"color: red\">Username and email taken, try another. You may already have an account</p>";
    }
    else {
        echo "<p>Good</p>";
    }

It's really frustation because I have no idea why it wouldn't work.

Answer 1

What you should do is set a constraint in your database for unique usernames and e-mail addresses . Then, try to do an insert and catch the exception when it fails. Otherwise, you could have a condition where nearly simultaneous users try to register at the same time, and between your SELECT and INSERT statements, the username or e-mail address might be used by someone else.

ALTER TABLE `members` ADD UNIQUE INDEX `email` (`email`);

You also have a real serious problem with SQL injection. Never concatenate data directly into a query, or you risk having the data getting confused with the command. The data must be escaped. The proper way to handle this is with prepared/parameterized queries which are available with PDO.