0

我是 PHP 新手,我想检查我的数据库中是否已经存在用户名或电子邮件。如果是这样,我想重定向回我的注册页面。我的代码可以添加用户,但我不知道如何检查用户名和电子邮件是否存在。我不想做任何主键请帮助!!!这是我现在使用的书中的代码:

<?php
require_once "app_config.php";
require_once "database_connection.php";

$upload_dir = HOST_WWW_ROOT . "uploads/profile_pics/";
$image_fieldname = "user_pic";

//Potential PHP errors
$php_errors = array(1 => 'Maximum file size in php.ini exceeded',
                    2 => 'Maximum file size in HTML form exceeded',
                    3 => 'Only part of the file was uploaded',
                    4 => 'No file was selected to upload');

$first_name = trim($_REQUEST['first_name']);
$last_name = trim($_REQUEST['last_name']);
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
$email = trim($_REQUEST['email']);
$bio = trim($_REQUEST['bio']);
$facebook_url = str_replace("facebook.org", "facebook.com", trim($_REQUEST['facebook_url']));
$position = strpos($facebook_url, "facebook.com");
if($position === false) {
    $facebook_url = "http://www.facebook.com/" . $facebook_url;
}
$twitter_handle = trim($_REQUEST['twitter_handle']);
$twitter_url = "http://www.twitter.com/";
$position = strpos($twitter_handle, "@");
if($position === false) {
    $twitter_url = $twitter_url . $twitter_handle;
} else {
    $twitter_url = $twitter_url . substr($twitter_handle, $position + 1);
}

//Make sure we didn't have an error uploading the image
($_FILES[$image_fieldname]['error'] == 0)
    or handle_error("the server couldn't upload the image you selected",
                    $php_errors[$_FILES[$image_fieldname]['error']]);

// Is this file the result of a valid upload?
@is_uploaded_file($_FILES[$image_fieldname]['tmp_name'])
    or handle_error("you were trying to do something naughty. Shame on you!",
                    "Uploaded request: file named " .
                    "'{$_FILES[$image_fieldname]['tmp_name']}'");

// Is this actually an image?
@getimagesize($_FILES[$image_fieldname]['tmp_name'])
    or handle_error("you selected a file for your picture " .
                    "that isn't an image.",
                    "{$_FILES[$image_fieldname]['tmp_name']} " .
                    "isn't a valid image file.");

//Name the file uniquely
$now = time();
while(file_exists($upload_filename = $upload_dir . $now .
                    '-' . $_FILES[$image_fieldname]['name'])) {
    $now++;
}

// Insert the image into the images table
$image = $_FILES[$image_fieldname];
$image_filename = $image['name'];
$image_info = getimagesize($image['tmp_name']);
$image_mime_type = $image_info['mime'];
$image_size = $image['size'];
$image_data = file_get_contents($image['tmp_name']);

//Insert into images query
$insert_image_sql = sprintf("INSERT INTO images " .
                        "(filename, mime_type, file_size, image_data) " .
                    "VALUES ('%s', '%s', %d, '%s');",
                        mysql_real_escape_string($image_filename),
                        mysql_real_escape_string($image_mime_type),
                        mysql_real_escape_string($image_size),
                        mysql_real_escape_string($image_data));

mysql_query($insert_image_sql)
    or die(mysql_error());

//Insert into users query
$insert_sql = sprintf("INSERT INTO users " .
                        "(first_name, last_name, username, " .
                        "password, email, " .
                        "bio, facebook_url, twitter_handle, " .
                        "profile_pic_id) " .
            "VALUES ('%s', '%s', '%s', '%s', '%s',
                    '%s', '%s', '%s', %d);",
                        mysql_real_escape_string($first_name),
                        mysql_real_escape_string($last_name),
                        mysql_real_escape_string($username),
                        mysql_real_escape_string($password),
                        mysql_real_escape_string($email),
                        mysql_real_escape_string($bio),
                        mysql_real_escape_string($facebook_url),
                        mysql_real_escape_string($twitter_handle),
                        mysql_insert_id());

//Insert user into database
mysql_query($insert_sql)
    or die(mysql_error());

//Redirect the user the page that displays user information
header("Location: show_user.php?user_id=" . mysql_insert_id());
exit();

?>

4

3 回答 3

1
select count(1) from users where email = '[INSERT USERNAME TO CHECK HERE]'

返回 0 意味着没有具有该用户名的用户。

您还需要在插入之前将所有用户名小写,以防止出现“bob”、“Bob”和“BOB”的情况。

于 2013-08-29T01:34:05.493 回答
0

最安全的方法是让数据库进行检查。这称为“唯一约束”,当它尝试添加重复项时,它将导致任何更新或插入失败。

您只需创建唯一索引即可轻松创建此约束:

create unique index users_username on users(username);
create unique index users_email on users(email);
于 2013-08-29T01:45:32.630 回答
0

首先是一个很好的提示。PHP 中的mysql函数已过时,您应该阅读有关 PDO 的内容。

但是现在在您的插入查询之前添加它。

if(mysql_num_rows(mysql_query("SELECT ID FROM users WHERE email = '".  mysql_real_escape_string($email) ."')) != 0) {
  exit("email exists");
}
于 2013-08-29T01:32:35.113 回答