[英]check if username and email already exists in database
I just started with php and i tried to create system to reject "create account" if you type already existing username or password.Thank you,and sorry for my bad english. 我刚开始使用php,并且尝试创建系统以拒绝“创建帐户”(如果您键入现有的用户名或密码)。谢谢,对不起我的英语不好。 I already tried this.Not working: link 我已经尝试过了。不起作用: 链接
<?php
session_start();
$db = mysqli_connect("localhost", "root", "", "itsnikola");
if (isset($_POST['register_btn'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email=mysqli_real_escape_string($db, $_POST['email']);
$password=mysqli_real_escape_string($db, $_POST['password']);
$password2=mysqli_real_escape_string($db, $_POST['password2']);
if ($password == $password2) {
session_start();
$password = ($password);
$sql="select * from account_info where (username='$username' or email='$email')";
if (mysqli_num_rows($res) > 0) {
$row = mysqli_fetch_assoc($res);
if ($username==$row['username'])
{
$_SESSION['message'] = "Username je vec registrovan";
}
else($email==$row['email']){
$_SESSION['message'] = "Email je vec registrovan"
}
else
{
$sql = "INSERT INTO users(name, lastname, username, email, password) VALUES('$name' , '$lastname' , '$username' , '$email' , '$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Sada si ulogovan";
$_SESSION['message'] = $username;
header("location:login.php");
}else {
$_SESSION['message'] = "Ne podudaraju se lozinke!";
}
}
?>
You're missing the very important line here before this line if (mysqli_num_rows($res) > 0)
if (mysqli_num_rows($res) > 0)
您将在此行之前错过非常重要的行
$sql="select * from account_info where username='$username' or email='$email' ";
$res = mysqli_query($db, $sql); // you're missing this line to query by $sql
if (mysqli_num_rows($res) > 0) {
// you're other code goes here
}
First of all, session_start()
is called 2 times. 首先, session_start()
被调用两次。
Remove the repeated call inside if ($password == $password2) {
if ($password == $password2) {
You code is also missing a ;
您的代码也缺少;
and some }
(for properly closing your if
conditions) 和一些}
(用于正确关闭if
条件)
Now the solution: 现在的解决方案:
Before you can process Database query's result, you need to connect to a DB and execute appropriate SQL command, only then you will get the result you want. 在处理数据库查询的结果之前,需要连接到数据库并执行适当的SQL命令,然后您才能获得所需的结果。 Your code is missing this process. 您的代码缺少此过程。
Check my comments in your code below↓ and then check again in corrected code 在下面的代码中检查我的评论↓,然后在更正的代码中再次检查
if ($password == $password2) {
session_start(); // remove this repeated call
$password = ($password);
$sql="select * from account_info where (username='$username' or email='$email')";
if (mysqli_num_rows($res) > 0) { // $res isn't defined
$row = mysqli_fetch_assoc($res);
if ($username==$row['username'])
{
$_SESSION['message'] = "Username je vec registrovan";
}
else($email==$row['email']){ // `else` doesn't work this way, use `elseif`
$_SESSION['message'] = "Email je vec registrovan" // ; missing
}
Corrected Code : 更正的代码 :
if (isset($_POST['register_btn'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password2 = mysqli_real_escape_string($db, $_POST['password2']);
if ($password == $password2) {
$password = ($password);
$sql = "SELECT * FROM users WHERE (username='$username' OR email='$email')";
$res = mysqli_query($db, $sql); // you were calling $res but it wasn't defined; this connects to the DB and executes SQL and then assigns the result
if (mysqli_num_rows($res) > 0) {
$row = mysqli_fetch_assoc($res);
if ($username == $row['username']) {
$_SESSION['message'] = "Username je vec registrovan";
} elseif ($email == $row['email']) { // changed `else` to `elseif` to include the condition, `else` doesn't accept conditional checks
$_SESSION['message'] = "Email je vec registrovan"; // added ;
}
} else {
$sql = "INSERT INTO users (name, lastname, username, email, password) VALUES ('$name', '$lastname', '$username', '$email', '$password')";
if (mysqli_query($db, $sql)) {
// New record inserted
$_SESSION['message'] = "Sada si ulogovan";
$_SESSION['message'] = $username;
header("location: login.php");
} else {
echo("Error: " . mysqli_error($db));
}
}
} // required to close the password checking condition
else {
$_SESSION['message'] = "Ne podudaraju se lozinke!";
}
}
Suggestions: 建议:
- Use prepared statement instead of directly passing user provided input into SQL 使用准备好的语句,而不是直接将用户提供的输入传递给SQL
(critical, your current code is vulnerable to SQL injection) (至关重要的是,您当前的代码容易受到SQL注入的攻击)- Use an IDE that supports PHP and offers syntax highlighting (Atom, Visual Studio Code, PhpStorm etc.) 使用支持PHP并提供语法高亮显示的IDE(Atom,Visual Studio Code,PhpStorm等)
I've tried this 我已经试过了
<?php
session_start();
$db = mysqli_connect("localhost", "root", "", "itsnikola");
if (isset($_POST['register_btn'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password2 = mysqli_real_escape_string($db, $_POST['password2']);
if ($password == $password2) {
$password = ($password);
$sql = "select * from account_info where (username='$username' or email='$email')";
$res = mysqli_query($db, $sql); // you were calling $res but it wasn't defined; this connects to the DB and executes SQL and then assigns the result
if (mysqli_num_rows($res) > 0) {
$row = mysqli_fetch_assoc($res);
if ($username == $row['username']) {
$_SESSION['message'] = "Username je vec registrovan";
} elseif ($email == $row['email']) { // changed `else` to `elseif` to include the condition, `else` doesn't accept conditional checks
$_SESSION['message'] = "Email je vec registrovan"; // added ;
} else {
$sql = "INSERT INTO users(name, lastname, username, email, password) VALUES('$name' , '$lastname' , '$username' , '$email' , '$password')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Sada si ulogovan";
$_SESSION['message'] = $username;
header("location:login.php");
}
} // required to close `if (mysqli_num_rows($res) > 0)`
} // required to close the password checking condition
else {
$_SESSION['message'] = "Ne podudaraju se lozinke!";
}
}
?>
But not working Error code: 但无法正常工作错误代码:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in Z:\\Programs\\XAMPP\\htdocs\\register.php on line 17 警告:mysqli_num_rows()期望参数1为mysqli_result,在第17行的Z:\\ Programs \\ XAMPP \\ htdocs \\ register.php中给出的布尔值
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.