这个问题已经在这里有了答案: > check if row exists with mysql 3个
我想在注册用户时检查MySQL数据库中的重复项.
如果用户存在,则显示该错误,否则请注册.
我知道有一些这样的问题,但是我发现很难将其中的任何一个粘贴到我的代码中.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//two passwords are the same
if($_POST['password'] == $_POST['confirmedpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql = "INSERT INTO members(username, password)"
. "VALUES ('$username','$password')";
//if query is successful redirect to login.php
if ($mysqli->query($sql) === true)
$_SESSION['message'] = 'Success';
header("location: login.php");
} else {
$_SESSION['message'] = "User couldnt be added";
}
} else {
$_SESSION['message'] = "Passwords dont match";
}
}
解决方法:
我在您的md5密码中加了一些盐,以使其看起来更加安全,但实际上此解决方案也不安全.要在PHP中加密密码,建议使用password_hash()函数,如下所示:
$pass = password_hash($password, PASSWORD_BCRYPT);
password_hash() creates a new password hash using a strong one-way hashing algorithm.
然后使用password_verify()测试它:
password_verify ( $passToTest , $knownPasswordHash );
另外,由于您使用的是MySQLi,因此请考虑使用准备好的语句,或者至少在将输入数据应用到数据库之前正确过滤输入数据.
有关准备好的语句的更多信息:http://php.net/prepared-statements.
在将用户添加到数据库之前,我添加了一条select语句来检查用户是否已存在于表中.
当使用header()更改页面位置时,如果要立即退出并且不希望其他代码执行,请在下一行代码中放入exit()或die().
这是添加了select语句的代码:
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
//two passwords are the same
if($_POST['password'] == $_POST['confirmedpassword'])
{
$username = $mysqli->real_escape_string($_POST['username']);
// You might consider using salt when storing passwords like this
$salt = 'aNiceDay';
$password = md5(md5($_POST['password'].$salt).$salt);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql = "SELECT `username` FROM members WHERE `username` = '".$username."'";
$result = $mysqli->query($sql);
if(mysqli_num_rows($result) > 0)
{
echo 'User exists.';
// Do something.
}
else
{
$sql = "INSERT INTO members(username, password) VALUES ('".$username."','".$password."')";
if($mysqli->query($sql) === true)
{
$_SESSION['message'] = 'Success';
header("location: login.php");
// Important to put exit() after header so other code
// doesn't get executed.
exit();
}
else
{
$_SESSION['message'] = "User couldn't be added";
echo "User couldn't be added.";
}
}
}
else
{
$_SESSION['message'] = "Passwords dont match";
}
}
?>
标签:mysql,php
来源: https://codeday.me/bug/20191110/2014267.html