0

我想看看是否已经创建了用户名...我搜索了,mysql_num_row() 或其他任何东西似乎都不起作用,如果我使用它,我会收到 T_STRING 错误...这是我的代码,说它应该工作,但它没有,为什么?:

/*simple checking of the data*/
if(isset($_POST['login']) && isset($_POST['pass']) && ($_POST['pass'] == $_POST['confirm']))
{

/*Connection to database logindb using your login name and password*/
$db=mysql_connect('localhost','user','pass') or die(mysql_error());
mysql_select_db('db');

/*additional data checking and striping*/
$_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
$_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

mysql_query("INSERT INTO profiles SET username='{$_POST['login']}',password='{$_POST['pass']}'",$db);

/*If the database has been updated*/
if(mysql_affected_rows() > 0)
{
    $_SESSION['login'] = $_POST['login'];
    $login='Welcome '.$_SESSION['login'];
}
else
{
    $login= 'This login name already exists.';
}

mysql_close($db);

}

我按照 showdev 的建议做了,但出现错误:

新代码:

/*additional data checking and striping*/
$_POST['login']=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
$_POST['pass']=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

mysql_query("INSERT INTO profiles SET  username='{$_POST['login']}',password='{$_POST['pass']}'",$db);

/*If the database has been updated
if(mysql_affected_rows() > 0)
{
$_SESSION['login'] = $_POST['login'];
$login='Welcome '.$_SESSION['login'];
}
else
{
$login= 'This login name already exists.';
}*/
$sql="SELECT COUNT(*) FROM `profiles` WHERE `username`='$username' AND `password`='$password' LIMIT 0,1;"
$q=mysql_query($sql) or die(mysql_error());
$r=mysql_fetch_row($q);
if ($r[0]==0) {
   // insert new user
    } else {
   // user already exists
    }

mysql_close($db);

}

错误:

解析错误:语法错误,第 34 行 /home/teacher/public_html/php/register.php 中的意外 T_VARIABLE

更新:

新代码:

mysql_query("INSERT INTO profiles SET `username`='{$_POST['login']}',`password`='{$_POST['pass']}' ON DUPLICATE KEY UPDATE `username`='{$_POST['login']}'",$db);
/*If the database has been updated*/
if(mysql_affected_rows() == 1)
{
    $_SESSION['login'] = $_POST['login'];
    $login='Welcome '.$_SESSION['login'];
}
else
{
    $login= 'This login name already exists.';
}

mysql_close($db);

}

还是不行

4

2 回答 2

0

您可能想SELECT查看用户名之前是否已经存在INSERT。像这样的东西:

$login=mysql_real_escape_string(strip_tags(trim($_POST['login'])));
$pass=mysql_real_escape_string(strip_tags(trim($_POST['pass'])));

$sql="SELECT COUNT(*) FROM `profiles` WHERE `username`='$login';"

$q=mysql_query($sql) or die(mysql_error());
$r=mysql_fetch_row($q);

if ($r[0]==0) { // count is 0, no matching users

   // insert new user
   $sql="INSERT INTO `profiles`
           (`username`,`password`) VALUES ('$login','$pass');";
   mysql_query($sql) or die(mysql_error());

   $_SESSION['login'] = $login;
   $login='Welcome '.$_SESSION['login'];

} else {

   // user already exists
   $login= 'This login name already exists.';

}

此外,请考虑 PDO,因为 mysql_* 命令已贬值。

于 2013-04-26T00:40:16.150 回答
-1

这会检查用户是否已经存在,并使用 sanitize 功能来防止注入

function sanitize($string) {
  $string = mysql_real_escape_string(strip_tags(trim($string)));
  return $string;
}

function user_exists($username) {
  $username = sanitize($username);
  return (mysql_result(mysql_query("SELECT COUNT(`username`) FROM `profiles` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}

if (user_exists() === true) {

} else {
  $login= 'This login name already exists.';
}
于 2013-04-26T22:43:16.567 回答