2

count($existuser)函数始终返回 1。即使没有具有该名称或电子邮件的用户。

这是代码:

function registerUser($username, $password, $passwordagain, $email, $mcname) {
    include $_SERVER['DOCUMENT_ROOT'] . "/config/config.php";
    $conn          = new PDO('mysql:host=' . $ip . ';dbname=' . $database, $username, $password);
    $validusername = "/^[a-z0-9]+$/";
    $validpassword = "/^[A-Za-z0-9]+$/";
    $validemail    = "/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/";
    $validmcname   = "/^[A-Za-z0-9]+$/";
    $error         = 0;

    if (strlen($username) < 4 || strlen($username) > 24) {
        $error = 1;
    }
    if (strlen($password) < 6 || strlen($password) > 24) {
        $error = 1;
    }
    if (strlen($mcname) < 4 || strlen($mcname) > 24) {
        $error = 1;
    }
    if (!preg_match($validusername, $username)) {
        $error = 1;
    }
    if (!preg_match($validpassword, $password)) {
        $error = 1;
    }
    if (!preg_match($validemail, $email)) {
        $error = 1;
    }
    if (!preg_match($validmcname, $mcname)) {
        $error = 1;
    }
    if ($password != $passwordagain) {
        $error = 1;
    }
//test
    $userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');
    $existuser = $userquery->fetch();
    echo count($existuser);
//test
    if (count($existuser)) {
        $error = 1;
        echo "<div class='erroralert'>Username already exists!</div>";
    }
//test
    $emailquery = $conn->query('SELECT * FROM users WHERE email="' . $email . '"');
    $existemail = $emailquery->fetch();
//test
    if (count($existemail)) {
        $error = 1;
        echo "<div class='erroralert'>E-mail already exists!</div>";
    }
    if ($error != 1) {
        $encryptedpassword = hash('sha512', $password);
        $registeruser      = $conn->query("INSERT INTO users(username, password, email, mcname) VALUES ('$username', '$encryptedpassword', '$email', '$mcname')");
        echo "<div class='successalert'>Succesfully registred</div>";
    }
}
4

3 回答 3

1

如果您这样做,为什么要使用 PDO:

$userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');
$existuser = $userquery->fetch();

你应该有以下逻辑:

$userquery = $conn->prepare('SELECT * FROM users WHERE username = ?');
$userquery->execute(array($username));
if ($userquery->rowCount()) {
    // found user
} else {
    // user not found
}
于 2012-12-23T16:00:49.793 回答
0

查询可能无法执行,这就是为什么你总是得到“1”,这可能是错误报告。

通读你的代码,我建议你试试这个:

在以下查询中,您将用户名括在 ",但是,这并不总是受支持,而是您应该使用单引号 ' 并将字符串本身用 " 括起来。所以下面一行

$userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');

应该

$userquery = $conn->query("SELECT * FROM users WHERE username='" . $username . "'");

对具有相同问题的其他查询执行相同操作。

于 2012-12-23T15:20:44.290 回答
0

你在这里用count()错了。对于任何普通变量,它将返回 1,对于数组,它将返回元素的数量。

重要的部分是第一个。如果没有行,PDOStatement::fetch()将返回FALSE1,这是真值:

count(FALSE);      # 1
count($existuser); # 1 when there is no user, when there is a user at least 2
                   #   for default fetchmode PDO::FETCH_BOTH

所以你什么都没检查。而是测试它不是 FALSE

if ($existuser === FALSE) {
   // error.
}
于 2012-12-23T16:01:23.463 回答