1

我要做的是验证电子邮件地址是否在数据库中。我CheckEmailAddress检查电子邮件是否在数据库中并且它似乎有效(如果需要,重写它)。问题是当我从我的 JQuery 函数发布我的 JSON 电子邮件数据时,如果在数据库中输入了电子邮件,则它总是返回 true,而应该是 false。

查询:

$('#checkemail').click(function() {
    $.post('http://' +  location.host + '/buyme/include/getemailaddress.php', 
        {'email':'test012@yahoo.co.nz'},  function(res){
        var obj = JSON.parse(res);
        alert(obj)
    });
});

PHP

<?PHP
    require_once("membership.php");
    $membership = new Membership();
    $val = $_POST["email"];;
    $result = $membership->CheckEmailAddress(trim($val));
    echo json_encode($result); //output test@test.com   
?>

function CheckEmailAddress($email_address) {
    $connection = mysql_connect('localhost:3306','root','')or die('Error connecting');
    mysql_select_db('buyme') or die('Connection not working properly');     
    $query = "SELECT email_address from users where email_address='$email_address'";
    $result = mysql_query($query, $connection);
    $row = mysql_fetch_assoc($result);

            $emailInUse = 'false';
    if(!$row || $row["email_address"] == '') {
        $emailInUse = 'true';
    }else{
        $emailInUse = 'false';  
    }

    return $emailInUse;
}

如果有什么需要更正,请更新我的代码,以便我测试谢谢

更新:

    try {
    $pdo = new PDO('mysql:dbname=buyme;host=localhost:3306', 'root', '', 
        $options = array (
        PDO::ATTR_ERRMODE,  PDO::ERRMODE_EXCEPTION
    ));
    $email_address = 'kirkdm021@yahoo.co.nz';

    $stmt = $pdo->prepare("SELECT email_address
            FROM users 
            WHERE email_address=:email_address");
    $stmt->execute(array('email_address'=>$email_address));
    $rows = $stmt->fetchObject();

    echo empty($rows->email_address) ? "" : $rows->email_address; // $row["email_address"];

}catch (PDOException $e) {
    die('error: ' . $e->getMessage());      
}
4

2 回答 2

1

问题是您的TRUE&FALSE分配正在返回字符串而不是TRUEFALSE值。这意味着它们本质上将始终被视为TRUE因为它们是包含值的字符串。AFALSE将始终不包含任何内容。此外,当它应该是一个by ORdoing时,你正在做一个by doing 。所以这段代码:||AND&&

if(!$row || $row["email_address"] == '') {
    $emailInUse = 'true';
}else{
    $emailInUse = 'false';  
}

应该这样改写:

if(!$row && $row["email_address"] == '') {
    $emailInUse = TRUE;
}else{
    $emailInUse = FALSE;  
}

最终函数如下所示:

function CheckEmailAddress($email_address) {
    $connection = mysql_connect('localhost:3306','root','')or die('Error connecting');
    mysql_select_db('buyme') or die('Connection not working properly');     
    $query = "SELECT email_address from users where email_address='$email_address'";
    $result = mysql_query($query, $connection);
    $row = mysql_fetch_assoc($result);

    if(!$row && $row["email_address"] == '') {
        $emailInUse = TRUE;
    }else{
        $emailInUse = FALSE;  
    }

    return $emailInUse;
}

也就是说,我建议else通过这样做来避免声明:

    $emailInUse = FALSE;        
    if(!$row || $row["email_address"] == '') {
        $emailInUse = TRUE;
    }

    return $emailInUse;

可能看起来差别不大,但根据我的经验,从长远来看,使用默认值初始化这样的值可以让你头疼。在这个脚本中可能意义不大,但如果你是一个初级程序员,我建议你早点养成这个习惯。

以其他视角编辑:另外,我刚刚重新阅读了您的帖子。您似乎想返回“真”和“假”这两个词?坏习惯。让函数在逻辑上返回 aTRUEFALSE按照我的解释,然后在您的主代码中对其进行操作。所以这个编码:

<?PHP
    require_once("membership.php");
    $membership = new Membership();
    $val = $_POST["email"];;
    $result = $membership->CheckEmailAddress(trim($val));
    echo json_encode($result); //output test@test.com   
?>

现在看起来像这样:

<?PHP
    require_once("membership.php");
    $membership = new Membership();
    $val = $_POST["email"];;
    $result = $membership->CheckEmailAddress(trim($val));
    $result_value = !empty($result) ? 'true' : 'false';
    echo json_encode($result_value); //output test@test.com   
?>

看到那行$result_value = !empty($result) ? 'true' : 'false';吗?那是一段内联代码,可以替代if/ elsestuff for values。我真的忘记了该方法的正式名称,但它对这种情况很有用。日志流程基本上是

[value] = [test] ? [test value] : [default value];

这基本上意味着如果test通过,则将值设为?. 如果测试不通过?然后使用右边的默认值:

于 2013-02-04T23:59:15.507 回答
0

首先,我在您的代码中看到的错误是您缺少$email_address在引号中嵌入:'在构建 SQL 查询时。

但我建议您使用准备好的语句,而不是修复查询。因为它对 SQL 注入最安全且易于使用。

下面是一个使用PDO扩展的示例:

function CheckEmailAddress($email_address) {
    try {
        $pdo = new PDO('mysql:dbname=test;host=localhost', 'root', '', $options = array (
             PDO::ATTR_ERRMODE,  PDO::ERRMODE_EXCEPTION
        ));

        // prepare a statement 
        $stmt = $pdo->prepare('
            SELECT `email_address`
            FROM `users` 
            WHERE `email_address`=:email_address
        ');

        $stmt->execute(array(
            'email_address' => $email_address
        ));

        $row = $stmt->fetchObject();

        if(!$row || $row["email_address"] == '') {
            return 'true';
        }else{
            return 'false';  
        }

    } catch (PDOException $e) {
        // just for debugging. Don't display the error message in
        // production envirionemnet as it can contain sensitive data
        die('error: ' . $e->getMessage());
    }

}
于 2013-02-05T00:04:50.327 回答