正如其他用户所指出的,您应该通过 PDO(或 mysqli,但我绝对更喜欢 PDO)使用准备好的语句
您将 POSTS 存储在变量中,但是在数据库查询中您只是再次使用 $_POST 变量?
我不确定你对这$register = mysql_fetch_array
部分做了什么,但要获得所需的功能,你应该使用选择查询来计算使用用户名的用户数量。
您没有使用任何安全的哈希格式来存储密码。我将其切换为使用 password_hash()。
尝试这样的事情(虽然我还没有测试过代码,所以可能会有错误):
<?php
//Put all POSTS in variables
$user = $_POST['user'];
$pass = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = $_POST['email'];
$email_check = $_POST['email_check'];
//Database config- probably should store in a separate file
$database_host = "";
$database_name = "";
$database_user = "";
$database_password = "";
$conn = new PDO("mysql:host=$database_host;dbname=$database_name",$database_user,$database_password);
//Find out if the username is taken.
$sql = "SELECT count(*) FROM `registration` WHERE user = :user";
$q = $conn->prepare($sql);
$q->execute(array(':user' => $user));
$number_of_rows = $q->fetchColumn();
//Clear $sql and $q so you can use them again
$sql = NULL;
$q = NULL;
if ($number_of_rows > 1) {
//Username already taken
echo "Username already taken";
}
else {
$sql = "INSERT INTO registration (user,password,email) VALUES (:user,:password,:email)";
$q = $conn->prepare($sql);
$q->execute(array(':user'=>$user, ':password'=>$password, ':email'=>$email));
echo "The account " . $user . " was successfully created";
}
?>