[英]How to check value in mysql with php pdo connection?
我是php的初學者,所以我的注冊腳本需要幫助。 我有4個字段,其中1個用戶名(在后面轉換為電子郵件地址),1個所有者的當前電子郵件地址和2個密碼字段。 注冊有效,我只想添加用戶名的驗證(如果存在或不存在)。 我的問題是我不知道在哪里以及如何去做,我應該創建一個函數嗎? 怎么樣? 我想保持簡單,因此我不創建任何類型的會話,是否可以按原樣進行? 這是代碼:
<?php
$host = '127.0.0.1';
$dbuser = 'reguser';
$dbpass = 'regpass';
$dbn = 'regform';
$conn = new PDO("mysql:host=$host;dbname=$dbn", $dbuser, $dbpass);
$RegScrIdErr = $RegScrIdChrErr = $OwnAddressErr = $Password1Err = $Password2Err = $PasswordMErr = "";
$formValid = true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["RegScrId"])) {$RegScrIdErr = "Userame is required"; $formValid = false;}
else {$RegScrId = check_input($_POST["RegScrId"]);
if (!preg_match("/^[a-zA-Z0-9]*$/",$RegScrId)){$RegScrIdErr = "Only letters and numbers allowed"; $formValid = false;}
}
if (empty($_POST["OwnAddress"])) {$OwnAddressErr = "Email is required"; $formValid = false;}
else {$OwnAddress = check_input($_POST["OwnAddress"]);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$OwnAddress)){$OwnAddressErr = "Invalid email format"; $formValid = false;}
}
if (empty($_POST["Password1"])) {$Password1Err = "Password field can't be empty!"; $formValid = false;}
else {$Password1 = check_input($_POST["Password1"]);}
if (empty($_POST["Password2"])){$Password2Err = "Password Confirmation can't be empty!"; $formValid = false;}
else {$Password2 = check_input($_POST["Password2"]);
if ($_POST["Password1"]!= $_POST["Password2"]) {$PasswordMErr = "Password does not match!"; $formValid = false;}
}
if ($formValid) { header('Location: index.html'); }
}
function check_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$RegScrIdFull = "$RegScrId@RegScrserver.com";
$userIp = $_SERVER['REMOTE_ADDR'];
$hash = hash('sha1', $Password1);
FUNCTION createSalt(){
$text = md5(uniqid(rand(), TRUE));
RETURN substr($text, 0, 3);
}
$salt = createSalt();
$PasswordSec = hash('sha256', $salt . $hash);
if ($formValid) {
$qry = $conn->PREPARE('INSERT INTO userlist (RegScrId, password, email, userIp, salt) VALUES (?, ?, ?, ?, ?)');
$qry->EXECUTE(array($RegScrIdFull, $hash, $OwnAddress, $userIp, $salt));
$conn = null;
}
?>
<div id="wrapper">
<header><img src="img/logo3.png" width="170" height="110" /><br><br>
</header><br>
<div id="section_contact">
<form name="register" method="post" action="<?php echo $_SERVER["PHP_SELF"];?>"><br />
<table width="850" border="0" id="tb-form">
<tr>
<td class="tb-form-left" colspan="2"><h4><strong>Sign Up</strong></h4><br /></td>
</tr>
<tr>
<td class="tb-form-left"><input type="text" name="OwnAddress" maxlength="30" placeholder=" Own Email Address" value="<?php echo $ $OwnAddress;?>" /><span class="error"><?php echo $OwnAddressErr;?></span></td>
</tr>
<tr>
<td class="tb-form-left"><input type="text" class="RegScrIdPic" maxlength="28" name="RegScrId" id="email" placeholder=" RegScrserver Username" value="<?php echo $RegScrId;?>" /><span class="error"><?php echo $RegScrIdErr;?><?php echo $RegScrIdChrErr;?></span></td>
</tr>
<tr>
<td class="tb-form-left"><input type="password" name="Password1" placeholder=" Enter Password"/><span class="error"><?php echo $Password1Err;?></span></td>
</tr>
<tr>
<td class="tb-form-left"><input type="password" name="Password2" placeholder=" Confirm Password" /><span class="error"><?php echo $Password2Err;?><?php echo $PasswordMErr;?></span></td>
</tr>
<tr>
<td class="tb-form-left"><input id="form-btn" type="submit" value="Create Account" /></td>
</tr>
</table>
</form>
</div>
</div>
</div>
</body>
</html>
如果要在數據庫中存在用戶名時實施驗證,則首先應詢問數據庫用戶名是否確實存在。 在插入之前,您應該使用SELECT查詢
$sth = $conn->prepare('SELECT id FROM users WHERE username=:username');
$sth->bindValue(':username',$username,PDO::PARAM_STR);
sth->execute();
while($row = $sth->fetch()){
/// ....... here you get username
}
// if in $row you get username you can use now validation for example
if(!empty($row)){
my_validation_function();
}
else{
// we dont want approaching form so we redirect customer to some page
header('location: some url');
}
if ($formValid) {
$qry = $conn->PREPARE('INSERT INTO userlist (RegScrId, password, email, userIp, salt) VALUES (?, ?, ?, ?, ?)');
$qry->EXECUTE(array($RegScrIdFull, $hash, $OwnAddress, $userIp, $salt));
$conn = null;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.