检查用户名/电子邮件是否可用方法
[英]Check if username/email available method
问题描述
I try to make a secure method that checks if a username or email is not taken and I'm not sure if this is the right way.
我尝试制定一种安全的方法来检查用户名或电子邮件是否未被占用,但我不确定这是否是正确的方法。 How can I do this better?我怎样才能做得更好?
private function checkAvailability() {
try {
$conn = new PDO(DB_SERVER, DB_USER, DB_PASS);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = ("SELECT COUNT(*) FROM users WHERE username = :username OR email = :email");
$st = $conn->prepare($sql);
$st->bindValue(":username", $_POST["username"], PDO::PARAM_STR);
$st->bindValue(":email", $_POST["email"], PDO::PARAM_STR);
$st->execute();
if($st->fetchColumn() > 0) {
$sql = ("SELECT COUNT(*) FROM users WHERE username = :username");
$st = $conn->prepare($sql);
$st->bindValue(":username", $_POST["username"], PDO::PARAM_STR);
$st->execute();
if($st->fetchColumn() > 0) {
throw new Exception("That username is already taken");
} else {
throw new Exception("That e-mail is already registered.")
}
return 0;
} else {
return 1;
}
$conn = null;
} catch (PDOException $e) {
echo "Database error: " . $e->geMessage();
} catch (Exception $e) {
echo "Registration failed: " . $e->geMessage();
}
}
public function registerUser() {
if(self::checkAvailability) {
// register user
}
}
1 个解决方案
解决方案1
2 已采纳 2014-06-16 09:57:00
You are already on the right path here.您已经走在正确的道路上。
The query SELECT COUNT(*) FROM users WHERE username = :username OR email = :email can be a performance problem, because the db can't use any index here.查询SELECT COUNT(*) FROM users WHERE username = :username OR email = :email可能是一个性能问题,因为数据库不能在这里使用任何索引。 So you might want to split that in two statements one for username and one for email.因此,您可能希望将其拆分为两个语句,一个用于用户名,另一个用于电子邮件。 That would also help you determining which error occured.这也将帮助您确定发生了哪个错误。
Also you don't need every hit in the db just the first, so a limit 1 is also usefull.此外,您不需要数据库中的每个命中只是第一个,因此limit 1也很有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.