0

我一直在关注本教程来构建一个简单的注册/登录脚本。

http://forum.codecall.net/topic/69771-creating-a-simple-yet-secured-loginregistration-with-php5/

我是 PHP 新手,但我有很多使用 C++ 的经验,所以我认为转换不会太难,我只需要弄清楚语法。我还在大学里对 mySQL 做了一个非常快速的介绍,所以我认为在用户注册时使用 mySQL 检查现有用户名会容易得多,尽管我的知识不太好。我认为这样的事情会起作用;

SELECT username
FROM codecalltut
WHERE username = username;

这真的有用吗?它从数据库 codecalltut 中选择用户名,然后检查输入的用户名是否已经是用户名?即使这是正确的,我也不知道如何将它包含在我的 PHP 中。

我试过使用

$qry = "SELECT username
    FROM codecalltut
    WHERE username = username;"

但是当它移动到下一条语句时,我只是得到一个语法错误。

<?php 
    $qry = "SELECT username
        FROM codecalltut
        WHERE username = username;"

//if register button was clicked.
} else {
$usr = new Users; //create new instance of the class Users
$usr->storeFormValues( $_POST ); //store form values

//if the entered password is match with the confirm password then register him
if( $_POST['password'] == $_POST['conpassword'] ) {
echo $usr->register($_POST); 
} else {
//if not then say that he must enter the same password to the confirm box.
echo "Password and Confirm password not match"; 
}
}

?>

这是用于构建数据库的查询:

CREATE DATABASE `codecalltut` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `codecalltut`;


CREATE TABLE IF NOT EXISTS `users` (
  `userID` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  `password` varbinary(250) NOT NULL,
  PRIMARY KEY (`userID`,`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;

这是用户单击“注册”时的 HTML 代码

<li class="buttons">
                         <input type="submit" name="register" value="Register" />
                            <input type="button" name="cancel" value="Cancel" onclick="location.href='index.php'" />
                     </li>
4

4 回答 4

1

您是否省略了执行查询的部分?我所看到的只是您将查询分配给一个变量但没有执行它。

我看到你正在使用 PDO,所以你不应该将你正在检查的用户名连接到查询中,因为它会让你对 SQL 注入开放。我假设您的数据库对象称为“$con”,而您的表是 codecalltut。做这个:

$qry = "SELECT * FROM codecalltut WHERE username=?";
$stmt = $con->prepare($qry);
$stmt->execute(array($_POST['username']));
$exists = ($stmt->rowCount() === 1) ? true : false;
于 2013-05-04T15:16:27.747 回答
1

您的 HTML 注册表格

<form action='' method='POST'>
    <input type='text' name='username' />
    <input type='password' name='password' />
    <input type='password' name='re-password' />
    <input type='submit' name='submit' />
</form>

你的 PHP 代码

if($_POST){

        if(empty($_POST['username']) && empty($_POST['password']) && empty($_POST['re-password'])) {
            echo 'Please enter all fields';
        }else {

        $username = $_POST['username'];
        $password = $_POST['password'];
        $re_password = $_POST['re-password'];

        if($password !== $re_password){
            echo 'Both passwords do not match';
        }else {

            $db_name = 
            $db_user = 
            $db_pass = 

            $conn = new PDO('mysql:host=localhost;dbname=xxx', 'xxx', 'xxx', 
                array( PDO::ATTR_PERSISTENT => true )
        );

            $stmt = $conn->prepare("SELECT username,password FROM users WHERE username = ? AND password = ?");
            $stmt->execute(array($username, $password));

            if($stmt->rowCount() === 0 ) {


            $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?,?)");
            $stmt->execute(array($username, $password));
            if($stmt->rowCount() ===1){
                echo 'Registration complete';
            }else {
                echo 'Sorry, unknown error: please try again later';

            }

            }else {
                echo 'Sorry, the username '.$username.' already exists';
            }



        }

        }
    }
于 2013-05-04T16:01:18.647 回答
0

删除最后一个;

$qry = "SELECT username
    FROM codecalltut
    WHERE username = username;";
               REMOVE THIS --^ ^----ADD THIS
于 2013-05-04T15:05:35.653 回答
0

接下来是@Nelson 所说的。您还应该用'单引号将查询中的字符串括起来,如下所示:

$qry = "SELECT username FROM codecalltut   WHERE username = 'username' ";

此外,如果您在内部写入任何可能与数据库语言本身冲突的表、行名称,请确保用反引号 (`) 将它们括起来

顺便一提

一个简单的登录脚本会以这种方式运行。(希望,您使用PDOormysqli代替 mysql 函数来与您的数据库交互

// set isset(), to validate if form is submited and then

    $username = $_POST['username']; 
    $pass= $_POST['pass'];

现在,代码。

$conn = new PDO('mysql:host=localhost; dbname=***;', 'db-user', 'user-pass');

$stmt = $conn->prepare("SELECT username,password from members WHERE username = ? AND password = ?");

$stmt->execute(array($username, $password));
if($stmt->rowCount() === 1){
echo 'welcome'.$username;
}else {
echo $username.' is not found'
}
于 2013-05-04T15:07:18.733 回答