验证对MYSQL用户输入字段

Question

I am very new to mysql . How to validate a user input email value against the value stored in database. The user enters his email in html5 input field and it is to be validated with the values stored in database and perform success actions accordingly. On success navigate to next screen and failure throw a pop up .Attached is screen shot of scenario. [image] ( http://s10.postimg.org/5vvlp200p/user_validation.png ) Please suggest

EDIT 1:

<!DOCTYPE html>
<html>
<body>
<form action="demo_form.asp" autocomplete="on">
E-mail: <input type="email" name="email" autocomplete="off"><br>
<input type="submit">
</form>
</body> 
</html>

EDIT 2:

<?php
try
{
    $connection = mysql_connect("localhost:3306","root","b");
    mysql_select_db("MobileBlog", $connection);


    mysql_query(" // suggest here to validate against emails in db");
    mysql_close($connection);
    echo "SUCCESS";
}
catch(Exception $e)
{
    echo $e->getMessage();
    // Note: Log the error or something
}
?>

EDIT 3 This is my new , HTML5, PHP code , but still failing.

<!DOCTYPE html>
<html>
<body>
<form action="checkform.php" method="post">
E-mail: <input type="email" name="email" autocomplete="off"><br>
<input type="submit">
</form>
</body> 
</html>

PHP Code

<?php
try
{
$connection = mysql_connect("localhost:3306","root","b");
mysql_select_db("mobileblog", $connection);  
$emailid = $_POST['email']; 
echo $emailid;
$sql = "SELECT Name from table WHERE email=" . $_POST['email'];
$result = mysql_query($sql);
echo $result;
if(!$result) { echo "<p class='error'>Error: No such email address</p>"; }
// note that the if is asking if there is no result
else {
while ($row = mysql_fetch_assoc($result)) { 
echo "<p class='success'>Welcome " . $row['Name'] . "!!</p>";
}
} // end

//mysql_query(" // suggest here to validate against emails in db");
mysql_close($connection);
echo "SUCCESS";
}
catch(Exception $e)
{
echo $e->getMessage();
// Note: Log the error or something
}
?>

ERROR for edit 3 :

Warning: mysql_connect(): Access denied for user 'root'@'localhost' (using password: YES) in C:\\xampp\\htdocs\\email\\checkform.php on line 5

Warning: mysql_select_db() expects parameter 2 to be resource, boolean given in C:\\xampp\\htdocs\\email\\checkform.php on line 6 abc@gmail.com Error: No such email address

Warning: mysql_close() expects parameter 1 to be resource, boolean given in C:\\xampp\\htdocs\\email\\checkform.php on line 32 SUCCESS

Answer 1

Step 1

Make your form point towards the page where you are going to process the data. For now we'll keep it simple. The form in your example is OK, you just need to change some of the parts of the <form> tag itself.

Use the following;

<form action="checkform.php" method="post">

Notice the method we used was post . You'll see that name being used again in a moment.

Step 2

Create a new page with the filename 'checkform.php'. Assuming you have the correct connection settings, the second bit of code in your question is a good starting point.

Before your mysql_query we need to get the data from the form in order to see if there's a match in the database. We do this with the global variable $_POST[] which is an array of all the items on your form with the name attribute as the key. So the email address as entered by the user will be stored under $_POST['email'] . We can now use this as the basis for our database query.

Step 3

Create a string with the query you are going to send to the database, and use $_POST['email'] where the email address would appear.

$sql = "SELECT Name from table WHERE email=" . $_POST['email'];

where table is the name of your table in the database.

Now you can send that query to the database.

$result = mysql_query($sql);

Notice that the result of the query will be saved in the $result variable. If no match is returned, $result will be false.

Step 4

We now need to get the useful information from the result. We do this by looping over the result and extracting the data. First we check if there is a result, if there isn't then we print an error message, if there is we get the data.

We can loop over the result using a while loop and put the data for that row into a $row array with the keys being the names of the columns. We only asked for 'Name' so that will be the only column available to us. The code looks like this;

if(!$result) { echo "<p class='error'>Error: No such email address</p>"; }
// note that the if is asking if there is no result
else {

    while ($row = mysql_fetch_assoc($result)) { 
        echo "<p class='success'>Welcome " . $row['Name'] . "!!</p>";
    }

} // endif

Please note that if the email address matches more than one row, this code will show more than one welcome message. I've left it like that for the moment, but you should make the email field unique in your database.

Notes

Please be aware that using mysql_ functions is becoming depreciated and will not be possible in future versions of PHP. You will need to use mysqli_ instead. For the moment you are OK, but once you understand how these database operations work then you should look to move to MySQLi functions.

You can add code in the if part that prompts the user to return to the form if you wish, or a javascript alert (google it) or whatever, and you can style the messages using CSS.

Hope this helps