0

我的代码有问题。如果存在数据库行中的数据,则它可以工作。但是,如果数据不存在,那么它也会给出消息,因为 12345-12345-12345-12345(sample key) already registered 。使用另一个键。

这是代码:

   $namecheck = mysql_query("SELECT pkey FROM license_key WHERE pkey ='$userEnteredProductKey'");
      if(is_resource($namecheck) && mysql_num_rows($namecheck) > 0 ){
            $sql_result = mysql_fetch_assoc($namecheck);
            echo $userEnteredProductKey . " already registered . use another key";
   }

如果我错了,请纠正我。

4

2 回答 2

0

First of all before doing anything else please phase out mysql_* functions and switch to use PDO or MySQLi. Especially if your project is dealing with serial keys or some unique keys. As of now your query can be easily hacked by injecting extra SQL

Back to problem:

since it executes echo statement it means that if statement gets executed which means is_resource() and mysql_num_rows() both return true.

why dont you check the database and see again if there exists a record with 12345-12345-12345-12345, seems like mysql_num_rows returns > 0

Also why dont you var_dump $sql_result and see what it prints

于 2013-03-15T15:23:36.590 回答
0

不建议使用 mysql_query。在下面试试这个。

$mysqli = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_SELECT, DB_PORT);

$stmt = $mysqli->prepare("SELECT pkey FROM license_key WHERE pkey =?");
$stmt->bind_param('s',$userEnteredProductKey) ;

$stmt->execute();
$stmt->bind_result( $pKey );
$stmt->fetch();
$stmt->close();

if($pkey!=''){
  echo $userEnteredProductKey . " already registered . use another key";
}
于 2013-03-15T15:37:50.597 回答