[英]PHP and MySQL - Check if username is already taken
現在的問題是,代碼無法檢查用戶名是否已被占用,是否有任何代碼可以檢查用戶名已經在數據庫中?
我正在試驗我的一些代碼,然后可能在Stack Overflow中搜索了這個問題。 我試過這個解決方案,但顯然它給了我錯誤。 當我試過它時,警告:
mysql_query()期望參數2是資源,C:...在線給出的對象...
和問題
mysql_num_rows()期望參數1是資源,在C中給出null:...在線...
我實際上正在尋找這個問題的解決方案或教程如何解決這個問題。
我的代碼:
<?php
require_once("functions.php");
require_once("db-const.php");
session_start();
if (logged_in() == true) {
redirect_to("profile.php");
}
?>
<?php
?>
<html>
<head>
<title>Prospekt Member Area</title>
</head>
<body>
<h1> Register Here </h1>
<h2>© Kirk Niverba</h2>
<hr />
<!-- The HTML registration form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
First name: <input type="text" name="first_name" /><br />
Last name: <input type="text" name="last_name" /><br />
Email: <input type="type" name="email" /><br />
<input type="submit" name="submit" value="Register" />
<a href="login.php">Already have an account?</a>
</form>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['email'])) {
echo "Please fill all the fields!";
}
elseif (isset($_POST['submit'])) {
## connect mysql server
$mysqli = new mysqli(localhost, root, "", loginsecure);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
## query database
# prepare data for insertion
$username = $_POST['username'];
$mainpass = $_POST['password'];
$password = hash('sha256', $mainpass);
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
# check if username and email exist else insert
// u = username, e = emai, ue = both username and email already exists
$user = $_POST['username'];
$usernamecheck=mysql_query("SELECT username FROM users WHERE username='$user'", $mysqli);
if (mysql_num_rows($usernamecheck)>=1){
echo $user." is already taken";
}
else{
# insert data into mysql database
$sql = "INSERT INTO `users` (`id`, `username`, `password`, `first_name`, `last_name`, `email`)
VALUES (NULL, '{$username}', '{$password}', '{$first_name}', '{$last_name}', '{$email}')";
if ($mysqli->query($sql)) {
header("Location: checklogin.php?msg=Registered Successfully!");
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
}
}
?>
<hr />
</body>
</html>
在您遇到錯誤的行中,將“mysq_query”替換為“mysqli_query”,將“mysql_num_rows”替換為“mysqli_num_rows”。 這是因為你不能將mysql調用與mysli連接混合在一起。
作為如何使用預准備語句的示例,您可以使用以下(未經測試的順便說一句)
在原始代碼中,您在輸出html代碼后發送標題 - 這將導致錯誤,除非您使用輸出緩沖,因此我在生成任何html內容之前移動了所有相關的PHP代碼,如果有任何錯誤輸出它們。
我還注意到mysqli
連接的參數沒有被引用 - 如果這些參數被定義為常量,那么這樣就可以了,否則也會產生錯誤。
繼續使用mysqli
或pdo
- 因為當您采用我試圖在此處展示的預准備語句時,您可以更好地保護您的站點免受惡意用戶的攻擊。
<?php
require_once("functions.php");
require_once("db-const.php");
session_start();
if (logged_in() == true) {
redirect_to("profile.php");
}
$errors=array();
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
if( isset( $_POST['username'], $_POST['password'], $_POST['first_name'], $_POST['last_name'], $_POST['email'] ) ) {
$username = !empty( $_POST['username'] ) ? $_POST['username'] : false;
$mainpass = !empty( $_POST['password'] ) ? $_POST['password'] : false;
$password = !empty( $mainpass ) ? hash('sha256', $mainpass) : false;
$first_name = !empty( $_POST['first_name'] ) ? $_POST['first_name'] : false;
$last_name = !empty( $_POST['last_name'] ) ? $_POST['last_name'] : false;
$email = !empty( $_POST['email'] ) ? $_POST['email'] : false;
if( $username && $password ){
$mysqli = new mysqli( DB_HOST, DB_USER, DB_PASS, DB_NAME );
if( $mysqli->connect_errno ) {
$errors[]=$mysqli->connect_error;
} else {
/* Assume all is ok so far */
$sql='select username from users where username=?';
$stmt=$mysqli->prepare($sql);
$stmt->bind_param('s',$username);
$stmt->execute();
$stmt->bind_result( $found );
$stmt->fetch();
if( !$found ){
/* username is not alreday taken */
$sql='insert into `users` (`username`,`password`,`first_name`,`last_name`,`email`) values (?,?,?,?,?);';
$stmt=$mysqli->prepare( $sql );
$stmt->bind_param('sssss',$username,$password,$first_name,$last_name,$email);
$stmt->execute();
header("Location: checklogin.php?msg=Registered Successfully!");
} else {
/* username is taken */
$errors[]='Sorry, that username is already in use.';
}
}
}
} else {
$errors[]='Please fill in all details';
}
}
?>
<html>
<head>
<title>Prospekt Member Area</title>
</head>
<body>
<h1> Register Here </h1>
<h2>© Kirk Niverba</h2>
<hr />
<!-- The HTML registration form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
First name: <input type="text" name="first_name" /><br />
Last name: <input type="text" name="last_name" /><br />
Email: <input type="type" name="email" /><br />
<input type="submit" name="submit" value="Register" />
<a href="login.php">Already have an account?</a>
</form>
<?php
if( !empty( $errors ) ){
echo implode( '<br />', $errors );
}
?>
<hr />
</body>
</html>
它可以很容易地使用mysql唯一約束 。
username varchar(50) NOT NULL,
//other fields,
UNIQUE (username)
對於它的php部分,只有當mysql_num_rows返回0時,才可以使用mysql_query選擇要驗證的所需用戶名並發送表單。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.