1

所以我正在 Ruby/Sinatra 中构建一个登录/注册页面,并且我正在尝试添加一些逻辑,以便如果有人尝试使用正在使用的电子邮件进行注册,它会告诉他们,并且不允许他们注册

require 'rubygems'
require 'sinatra'
require 'mysql'

get "/" do
        erb :form
end

post "/" do

begin
        con = Mysql.new('localhost', 'tut', 'tut', 'recruited_users')
        auth = con.query('SELECT school FROM users WHERE email = "#{params[:email]}" AND password = "#{params[:password]}"')
        auth.fetch_row
        ensure
                con.close if con
        end
end

get '/signup' do
        erb :signup
end

post '/signup' do

begin
        con = Mysql.new('localhost', 'tut', 'tut', 'recruited_users')
        check_for_user = con.query("SELECT email FROM users WHERE email = '#{params[:email]}'")
        if check_for_user == ''
                "Sorry, but there is already an account for this user. The ID is '#{params[:check_for_user]}', please try again"
        else
                auth = con.query("INSERT INTO users (email, password, school) VALUES('#{params[:email]}', '#{params[:password]}', '#{params[:school]}')")
                "Succesfully created user #{params[:email]}"
        end
        ensure
                con.close if con
        end
end

问题是该变量check_for_user没有收到任何值,至少不是我可以使用的值。我需要能够设置 if 语句,以便他们只能在数据库中不存在电子邮件时创建新用户。

4

1 回答 1

3

首先,您不能#{...}在单引号字符串中使用字符串插值 ( ),这仅适用于双引号字符串(或类似%Q{...}的行为类似于双引号字符串)。其次,SQL 中的字符串字面量应该用单引号引起来,MySQL 和 SQLite 可以让你摆脱双引号,但这是一个坏习惯。第三,我们没有在 1999 年破解 PHP,所以你不应该使用字符串插值来构建 SQL,你应该使用占位符:

sth = con.prepare('select school from users where email = ? and password = ?')
sth.execute(params[:email], params[:password])
row = sth.fetch
if(!row)
    # Didn't find anything
else
    # The school is in row.first
end
于 2012-09-03T05:02:23.857 回答