[英]Multiple $query = mysql_query in PHP
I need to check for duplicate usernames and check if they already exist in the database or not. 我需要检查重复的用户名,并检查它们是否已经存在于数据库中。 If they do, I show them an error message.
如果这样做,我会向他们显示错误消息。
I am doing it with username but I also need to do it with the email address. 我正在使用用户名,但是我也需要使用电子邮件地址。
Here's my code so far: 到目前为止,这是我的代码:
if(isset($_POST['submit'])){
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$IP = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("SELECT username FROM Users WHERE username='".$username."'");
... ...
else if (mysql_num_rows($query) != 0)
{
echo "<p><b><center> <font color=\"red\">Username already exists.<br> </b>If you already have an account, please<a href = '../user/login.php'> click here </a> to login.</font></center></p>";
}
My question is how can I do the same for email? 我的问题是我该如何处理电子邮件? Do I need to have one another query for email so like
$query = mysql_query("SELECT email FROM Users WHERE email='".$email."'");
我是否需要对电子邮件进行另一个查询,例如
$query = mysql_query("SELECT email FROM Users WHERE email='".$email."'");
那里$query = mysql_query("SELECT email FROM Users WHERE email='".$email."'");
and add it after the first query in the above code? 并在上面的代码中的第一个查询之后添加它?
I tried doing it but it gives me an error. 我尝试这样做,但这给了我一个错误。 Thanks.
谢谢。
The best way is probably to run multiple queries; 最好的方法可能是运行多个查询。 you could benefit from indexing and better maintainability.
您可以从索引编制和更好的可维护性中受益。
You should not use mysql_* functions; 您不应该使用mysql_ *函数; they are deprecated and will soon be removed .
它们已过时,将很快被删除 。 Use PDO instead (or
mysqli
). 改用PDO (或
mysqli
)。
That said, at least escape your values in order to avoid SQL injection , or good faith errors if someone has a name with a quote - D'Artagnan, or O'Brien. 就是说,至少要避免使用值以避免SQL注入 ,或者如果有人的名字带有引号-D'Artagnan或O'Brien,则应避免诚信错误。 The code below is not proof against all problems, but can intercept the most common ones.
下面的代码并不能证明所有问题,但可以拦截最常见的问题。 Again, PDO and prepared queries would help you no end:
同样,PDO和准备好的查询将无济于事:
// Fields to check for duplicate.
$fields = array(
'username' => $username,
'email' => $email
);
$dup = false;
foreach ($fields as $field => $value) {
$value = mysql_real_escape_string($value);
$query = mysql_query("SELECT COUNT({$field}) AS n FROM Users WHERE {$field}='{$value}';");
$tuple = mysql_fetch_assoc($query);
if ($tuple['n'] > 0) {
$dup = true;
break;
}
}
if ($dup) {
echo "<p><b><center> <font color=\"red\">{$field} already exists.<br> </b>If you already have an account, please<a href = '../user/login.php'> click here </a> to login.</font></center></p>";
}
The use of COUNT()
instead of retrieving the query count could be slightly more efficient depending on indexing. 根据索引的不同,使用
COUNT()
代替检索查询计数可能会更有效。
foreach ($fields as $field => $value) {
$value = mysql_real_escape_string($value);
$query = mysql_query("SELECT COUNT({$field}) AS n FROM Users WHERE {$field}='{$value}';");
$tuple = mysql_fetch_assoc($query);
if ($tuple['n'] > 0) {
$dup = true;
break;
}
This is what you are looking for. 这就是您要寻找的。 But be careful, it is vulnerable to SQL Injection.
但是要小心,它容易受到SQL注入的攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.