PHP中的多个$ query = mysql_query

Question

I need to check for duplicate usernames and check if they already exist in the database or not. 我需要检查重复的用户名，并检查它们是否已经存在于数据库中。 If they do, I show them an error message. 如果这样做，我会向他们显示错误消息。

I am doing it with username but I also need to do it with the email address. 我正在使用用户名，但是我也需要使用电子邮件地址。

Here's my code so far: 到目前为止，这是我的代码：

if(isset($_POST['submit'])){
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    $IP = $_SERVER['REMOTE_ADDR'];

    $query = mysql_query("SELECT username FROM Users WHERE username='".$username."'");

... ...

else if (mysql_num_rows($query) != 0)
    {
        echo "<p><b><center> <font color=\"red\">Username already exists.<br> </b>If you already have an account, please<a href = '../user/login.php'> click here </a> to login.</font></center></p>"; 
    }

My question is how can I do the same for email? 我的问题是我该如何处理电子邮件？ Do I need to have one another query for email so like $query = mysql_query("SELECT email FROM Users WHERE email='".$email."'"); 我是否需要对电子邮件进行另一个查询，例如$query = mysql_query("SELECT email FROM Users WHERE email='".$email."'");那里$query = mysql_query("SELECT email FROM Users WHERE email='".$email."'"); and add it after the first query in the above code? 并在上面的代码中的第一个查询之后添加它？

I tried doing it but it gives me an error. 我尝试这样做，但这给了我一个错误。 Thanks. 谢谢。

Answer 1

The best way is probably to run multiple queries; 最好的方法可能是运行多个查询。 you could benefit from indexing and better maintainability. 您可以从索引编制和更好的可维护性中受益。

You should not use mysql_* functions; 您不应该使用mysql_ *函数； they are deprecated and will soon be removed . 它们已过时，将很快被删除 。 Use PDO instead (or mysqli ). 改用PDO （或mysqli ）。

That said, at least escape your values in order to avoid SQL injection , or good faith errors if someone has a name with a quote - D'Artagnan, or O'Brien. 就是说，至少要避免使用值以避免SQL注入 ，或者如果有人的名字带有引号-D'Artagnan或O'Brien，则应避免诚信错误。 The code below is not proof against all problems, but can intercept the most common ones. 下面的代码并不能证明所有问题，但可以拦截最常见的问题。 Again, PDO and prepared queries would help you no end: 同样，PDO和准备好的查询将无济于事：

// Fields to check for duplicate.
$fields = array(
    'username' => $username,
    'email' => $email
);

$dup = false;
foreach ($fields as $field => $value) {
    $value = mysql_real_escape_string($value);
    $query = mysql_query("SELECT COUNT({$field}) AS n FROM Users WHERE {$field}='{$value}';");
    $tuple = mysql_fetch_assoc($query);
    if ($tuple['n'] > 0) {
        $dup = true;
        break;
    }
}

if ($dup) {
    echo "<p><b><center> <font color=\"red\">{$field} already exists.<br> </b>If you already have an account, please<a href = '../user/login.php'> click here </a> to login.</font></center></p>"; 
}

The use of COUNT() instead of retrieving the query count could be slightly more efficient depending on indexing. 根据索引的不同，使用COUNT()代替检索查询计数可能会更有效。

Answer 2

foreach ($fields as $field => $value) {
$value = mysql_real_escape_string($value);
$query = mysql_query("SELECT COUNT({$field}) AS n FROM Users WHERE {$field}='{$value}';");
$tuple = mysql_fetch_assoc($query);
if ($tuple['n'] > 0) {
    $dup = true;
    break;
}

This is what you are looking for. 这就是您要寻找的。 But be careful, it is vulnerable to SQL Injection. 但是要小心，它容易受到SQL注入的攻击。

PHP中的多个$ query = mysql_query

问题描述

2 个解决方案

解决方案1
1 2015-02-04 00:14:14

解决方案2
0 已采纳 2015-03-03 00:46:12

PHP中的多个$ query = mysql_query

问题描述

2 个解决方案

解决方案1 1 2015-02-04 00:14:14

解决方案2 0 已采纳 2015-03-03 00:46:12

解决方案1
1 2015-02-04 00:14:14

解决方案2
0 已采纳 2015-03-03 00:46:12