我正在为我的网站编写一些脚本,我目前正专注于检查用户名是否已被使用.我已经尝试编写SELECT脚本,其中选择了数据字段并检查POSTed数据是否匹配.
这是我的代码:
$username = $_POST["username"];
$password = $_POST["password"];
{ // Check if account already exists
$Select_Account = "SELECT ";
$Select_Account .= "Username ";
$Select_Account .= "FROM UserData ";
$Select_Account .= "WHERE UserData.Username ";
$Select_Account .= "= '$username'";
$Select_Account_Query = mysql_query($Select_Account);
if ($Select_Account_Query) {
echo "Account Exists";
} else {
echo "Account does not exist";
}
}
当输入的值不在表格内部时,我无法弄清楚阻止代码“E帐户不存在”的问题.
请注意,我是编写PHP和MySQL的新手,所以我还没有完全掌握所有查询和语法.所有帮助将不胜感激.
解决方法:
mysql_query()仅在查询出现问题且无法执行时才返回false.否则,返回值是评估成功的资源.那就是你的代码总是回应“账户存在”.检查SELECT语句获取的行数,以确定用户是否存在.
您的代码也不安全.它易受SQL注入攻击.我强烈建议不要使用mysql_ *系列PHP函数.它们自PHP 5.5.0起已弃用,将在以后的版本中删除.考虑切换到mysqli_ *系列函数或更好地使用PDO参数化查询.
PDO:
$conn = new PDO('mysql:host='.$dbhost.';dbname='.$dbname,
$dbusername,
$dbpassword);
$username = $_POST["username"];
$password = $_POST["password"];
//Query statement with placeholder
$query = "SELECT Username
FROM Userdata
WHERE Userdata.Username = ?";
//Put the parameters in an array
$params = array($username);
//Execute it
try {
$stmt = $conn->prepare($query);
$result = $stmt->execute($params);
} catch(PDOException $ex) {
echo $ex->getMessage());
}
//Now Check for the row count
if($stmt->rowCount === 1) {
echo "Account Exists";
} else {
echo "Account does not exist";
}
标签:php,mysql
来源: https://codeday.me/bug/20190807/1605507.html