0

我创建了一个注册表单,我想防止同一用户一次又一次地注册系统。这是我的代码,请帮我解决这个问题。在初始注册时,只考虑用户名密码和电子邮件,在登录系统后,用户可以更新他们的信息,如姓名、性别、教育等:....

<?php
session_start();

include_once 'newFunctions.php';
include_once 'dbConnect.php';

// database connection
dbConnect(); 

$username = $_POST['username'];
$pw=md5($_POST['password']);
$email=$_POST['email'];

//check the term
if(isset($_POST['term'])){
    $is_checked = 1;
}else{
    $is_checked = 0;
}


$insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
    VALUES
    ( '{$username}','{$pw}','{$email}','default_image.jpg','{$is_checked}')";


$check=mysql_query($insert_data);

if($check=='true')
{

// session variables
$_SESSION['login'] = "1";
$_SESSION['username']=$username; 
$_SESSION['password']=$pw;

showAlert("You Have Successfully Registered ", "../tutor_panel_ui.php");

}

else{

echo "Invalid Login";

$_SESSION['login'] = '';
}

?>
4

2 回答 2

2 

 $insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
VALUES
( '{$username}','{$pw}','{$email}','default_image.jpg','{$is_checked}')";

您运行查询以检查电子邮件 ID 或/和用户名是否已存在于您的数据库中。

会是这样的

$query="SELECT userName (or/and) email FROM tutor WHERE email ='$email' (or/and) userName=$username ";

检查返回的结果是空的还是包含一些行。如果为空,则继续注册用户,否则告诉用户他已经重新注册,不能再次注册。

于 2013-07-29T06:28:35.687 回答
1

我会做什么:将导师栏电子邮件和用户名设置为每个UNIQUE KEY. 然后我将对您的代码进行以下编辑:

<?php
session_start();

include_once 'newFunctions.php';
include_once 'dbConnect.php';

// database connection
dbConnect(); 

$username = $_POST['username'];
$pw=md5($_POST['password']);
$email=$_POST['email'];

//check the term
if(isset($_POST['term'])){
    $is_checked = 1;
}else{
    $is_checked = 0;
}


$insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
    VALUES
    ( '".mysql_real_escape_string({$username})."','".mysql_real_escape_string({$pw})."','{".mysql_real_escape_string($email})."','default_image.jpg','{$is_checked}')";


$check=mysql_query($insert_data);

if($check=='true')
{

// session variables
$_SESSION['login'] = "1";
$_SESSION['username']=$username; 
$_SESSION['password']=$pw;

showAlert("You Have Successfully Registered ", "../tutor_panel_ui.php");
//showAlert is a javascript function - so unless you have defined it in your other files you'll need to do a different thing here.
}

else{

echo "Registration data invalid. Username and email must be unique. Are you already signed up and forgot your password? if so <a href='recoverpassword.php'>Recover your password</a>.";

$_SESSION['login'] = '';
}

?>

注意:我在mysql_real_escape_string()那里调用以避免可怕的致命 SQL 注入风险,但您应该考虑升级到 PDO_ 或 mysqli_ 而不是 mysql_ 函数。

于 2013-07-29T06:38:33.873 回答