堆棧內存溢出
  簡體   English   中英

如何使用php pdo連接檢查mysql中的值?

[英]How to check value in mysql with php pdo connection?

 原文  2014-02-20 20:47:33       php/ mysql/ validation/ pdo

問題描述

我是php的初學者,所以我的注冊腳本需要幫助。 我有4個字段,其中1個用戶名(在后面轉換為電子郵件地址),1個所有者的當前電子郵件地址和2個密碼字段。 注冊有效,我只想添加用戶名的驗證(如果存在或不存在)。 我的問題是我不知道在哪里以及如何去做,我應該創建一個函數嗎? 怎么樣? 我想保持簡單,因此我不創建任何類型的會話,是否可以按原樣進行? 這是代碼: 

<?php

$host = '127.0.0.1';
$dbuser = 'reguser';
$dbpass = 'regpass';
$dbn = 'regform';


$conn = new PDO("mysql:host=$host;dbname=$dbn", $dbuser, $dbpass);


$RegScrIdErr = $RegScrIdChrErr = $OwnAddressErr = $Password1Err = $Password2Err =      $PasswordMErr = "";

$formValid = true;

if ($_SERVER["REQUEST_METHOD"] == "POST") { 
if (empty($_POST["RegScrId"])) {$RegScrIdErr = "Userame is required"; $formValid = false;}
    else {$RegScrId = check_input($_POST["RegScrId"]); 
         if (!preg_match("/^[a-zA-Z0-9]*$/",$RegScrId)){$RegScrIdErr = "Only letters and numbers allowed"; $formValid = false;}

             }

if (empty($_POST["OwnAddress"])) {$OwnAddressErr = "Email is required"; $formValid = false;}
    else {$OwnAddress = check_input($_POST["OwnAddress"]);
        if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$OwnAddress)){$OwnAddressErr = "Invalid email format"; $formValid = false;}
 }

   if (empty($_POST["Password1"])) {$Password1Err = "Password field can't be empty!"; $formValid = false;}
  else {$Password1 = check_input($_POST["Password1"]);}
   if (empty($_POST["Password2"])){$Password2Err = "Password Confirmation can't be empty!"; $formValid = false;}
    else {$Password2 = check_input($_POST["Password2"]);
        if ($_POST["Password1"]!= $_POST["Password2"]) {$PasswordMErr = "Password does not match!"; $formValid = false;}
 }
       if ($formValid) { header('Location: index.html');  }
}




function check_input($data){
 $data = trim($data);
 $data = stripslashes($data);
 $data = htmlspecialchars($data);
 return $data;
}




$RegScrIdFull = "$RegScrId@RegScrserver.com";  
$userIp = $_SERVER['REMOTE_ADDR'];
$hash = hash('sha1', $Password1);

 FUNCTION createSalt(){
    $text = md5(uniqid(rand(), TRUE));
    RETURN substr($text, 0, 3);
}
$salt = createSalt();
$PasswordSec = hash('sha256', $salt . $hash);

if ($formValid) {

    $qry = $conn->PREPARE('INSERT INTO userlist (RegScrId, password, email, userIp, salt) VALUES (?, ?, ?, ?, ?)');
    $qry->EXECUTE(array($RegScrIdFull, $hash, $OwnAddress, $userIp, $salt));
    $conn = null;

}
   ?>


   <div id="wrapper">
    <header><img src="img/logo3.png" width="170" height="110" /><br><br>
    </header><br>
    <div id="section_contact">
    <form name="register"  method="post" action="<?php echo $_SERVER["PHP_SELF"];?>"><br />
            <table width="850" border="0" id="tb-form">
        <tr>
                <td class="tb-form-left" colspan="2"><h4><strong>Sign Up</strong></h4><br /></td>
        </tr>
        <tr>
        <td class="tb-form-left"><input type="text" name="OwnAddress" maxlength="30" placeholder=" Own Email Address" value="<?php echo $ $OwnAddress;?>" /><span class="error"><?php echo $OwnAddressErr;?></span></td>
        </tr>
        <tr>
        <td class="tb-form-left"><input type="text" class="RegScrIdPic" maxlength="28" name="RegScrId" id="email" placeholder=" RegScrserver Username" value="<?php echo $RegScrId;?>" /><span class="error"><?php echo $RegScrIdErr;?><?php echo $RegScrIdChrErr;?></span></td>
        </tr>
        <tr>
        <td class="tb-form-left"><input type="password" name="Password1" placeholder=" Enter Password"/><span class="error"><?php echo $Password1Err;?></span></td>
        </tr>
        <tr>
        <td class="tb-form-left"><input type="password" name="Password2" placeholder=" Confirm Password" /><span class="error"><?php echo $Password2Err;?><?php echo $PasswordMErr;?></span></td>
        </tr>
        <tr>
        <td class="tb-form-left"><input id="form-btn" type="submit" value="Create Account" /></td>
        </tr>
        </table>
</form>
</div>


</div>


</div>
</body>
</html>

1 個解決方案

解決方案1
 0  2014-02-20 21:06:03

如果要在數據庫中存在用戶名時實施驗證,則首先應詢問數據庫用戶名是否確實存在。 在插入之前,您應該使用SELECT查詢 

$sth = $conn->prepare('SELECT id FROM users WHERE username=:username');
$sth->bindValue(':username',$username,PDO::PARAM_STR);
sth->execute();
while($row = $sth->fetch()){
   /// ....... here you get username
}
// if in $row you get username you can use now validation for example
if(!empty($row)){
   my_validation_function();
}
else{
  // we dont want approaching form so we redirect customer to some page
    header('location: some url');
}


if ($formValid) {


     $qry = $conn->PREPARE('INSERT INTO userlist (RegScrId, password, email, userIp, salt) VALUES (?, ?, ?, ?, ?)');
     $qry->EXECUTE(array($RegScrIdFull, $hash, $OwnAddress, $userIp, $salt));
     $conn = null;

 }

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 PHP:PDO(MySQL)SSL連接 PHP MYSQL PDO 數據庫連接 PHP IIS與IIS上的PDO連接 如何在PHP和MySQL中使用PDO顯示列值? PHP PDO檢查mysql錯誤 如何跨多個類訪問PDO連接對象?[php + Mysql] 如何使用PHP,PDO,MySQL檢查列是否不存在? 使用angularjs和PHP(PDO)進行MySQL連接 PHP PDO關閉DatabaseFactory文件中的mysql連接 PHP將mysql_connection轉換為PDO
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM