count($existuser)
函数始终返回1.即使没有具有该名称或电子邮件的用户。
以下是代码:
function registerUser($username, $password, $passwordagain, $email, $mcname) {
include $_SERVER['DOCUMENT_ROOT'] . "/config/config.php";
$conn = new PDO('mysql:host=' . $ip . ';dbname=' . $database, $username, $password);
$validusername = "/^[a-z0-9]+$/";
$validpassword = "/^[A-Za-z0-9]+$/";
$validemail = "/^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/";
$validmcname = "/^[A-Za-z0-9]+$/";
$error = 0;
if (strlen($username) < 4 || strlen($username) > 24) {
$error = 1;
}
if (strlen($password) < 6 || strlen($password) > 24) {
$error = 1;
}
if (strlen($mcname) < 4 || strlen($mcname) > 24) {
$error = 1;
}
if (!preg_match($validusername, $username)) {
$error = 1;
}
if (!preg_match($validpassword, $password)) {
$error = 1;
}
if (!preg_match($validemail, $email)) {
$error = 1;
}
if (!preg_match($validmcname, $mcname)) {
$error = 1;
}
if ($password != $passwordagain) {
$error = 1;
}
//test
$userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');
$existuser = $userquery->fetch();
echo count($existuser);
//test
if (count($existuser)) {
$error = 1;
echo "<div class='erroralert'>Username already exists!</div>";
}
//test
$emailquery = $conn->query('SELECT * FROM users WHERE email="' . $email . '"');
$existemail = $emailquery->fetch();
//test
if (count($existemail)) {
$error = 1;
echo "<div class='erroralert'>E-mail already exists!</div>";
}
if ($error != 1) {
$encryptedpassword = hash('sha512', $password);
$registeruser = $conn->query("INSERT INTO users(username, password, email, mcname) VALUES ('$username', '$encryptedpassword', '$email', '$mcname')");
echo "<div class='successalert'>Succesfully registred</div>";
}
}
答案 0 :(得分:1)
如果你这样做,为什么要使用PDO:
$userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');
$existuser = $userquery->fetch();
您应该具有以下逻辑:
$userquery = $conn->prepare('SELECT * FROM users WHERE username = ?');
$userquery->execute(array($username));
if ($userquery->rowCount()) {
// found user
} else {
// user not found
}
答案 1 :(得分:0)
查询可能无法执行,这就是为什么你总是得到“1”,这可能是错误报告。
阅读您的代码,我建议您试试这个:
在下面的查询中,您将用“,但是,并不总是支持这个用户名,而是应该使用单引号”并将字符串本身括在“。所以以下一行
$userquery = $conn->query('SELECT * FROM users WHERE username="' . $username . '"');
应该是
$userquery = $conn->query("SELECT * FROM users WHERE username='" . $username . "'");
对具有相同问题的其他查询执行相同的操作。
答案 2 :(得分:0)
您在此处使用count()
错误。对于任何正常变量它将返回1,对于数组,它将返回元素数。
重要的部分是第一部分。如果没有行,PDOStatement::fetch()
将返回FALSE
,其中计数为1,这是真实的:
count(FALSE); # 1
count($existuser); # 1 when there is no user, when there is a user at least 2
# for default fetchmode PDO::FETCH_BOTH
所以你什么都没检查过。而是测试它不 FALSE
:
if ($existuser === FALSE) {
// error.
}