我的PHP注册代码无法正常工作。当我输入已经在使用的电子邮件和/或已经在使用的用户名时,它会再次注册用户,尽管我已经制作了IF语句来检查具有此名称或电子邮件的用户是否已经存在。这是一段代码:
if (isset($_POST['username']))
{
$username = mysql_prep($_POST['firstname']);
$password = mysql_prep($_POST['password']);
$email = mysql_prep($_POST['email']);
$ip = mysql_prep($_POST['ip']);
$sex = mysql_prep($_POST['sex']);
$conn = mysql_connect(DB_HOST, DB_USER, DB_PASS);
if ($conn)
{
$select_db = mysql_select_db(DB_NAME, $conn);
if ($select_db)
{
$sql = "SELECT id FROM users WHERE email = '{$email}'"
$result = mysql_query($sql, $conn);
if(mysql_num_rows($result) >= 1)
{
die("Email already registered");
}
$sql = "SELECT id FROM users WHERE username = '{$username}'"
$result = mysql_query($sql, $conn);
if(mysql_num_rows($result) >= 1)
{
die("Username already exists");
}
$sql = "INSERT INTO users (`username`, `password`, `email`)
VALUES ('{$username}', '{$password}', '{$email}' '{$sex}')"
$result = mysql_query($sql, $conn);
if($result)
{
echo "true";
}
else
{
echo "false";
}
}
else
{
die("Cannot select database!<br />" . mysql_error());
}
}
else
{
die("Cannot connect to database!<br />" . mysql_error());
}
}
else
{
echo "<h1>Sorry, you have no place here :)</h1>";
}
mysql_prep()是使输入数据为real_escape_string以确保安全的函数。 有什么建议吗?
答案 0 :(得分:0)
要调试错误,为什么不回显浏览器中的$ sql变量(die()之前的那个)然后复制它并在phpmyadmin中查看输出。 如果它返回,则继续前进,直到找到错误。 您也可以使用php的内置函数,但我总是觉得这种方法更容易。
答案 1 :(得分:0)
使用concatenate运算符使用这样的查询。
$sql = "SELECT id FROM users WHERE email = '".$email."'";
被修改
$sql = "SELECT id FROM users WHERE email = '{$email}'"
$sql = "SELECT id FROM users WHERE username = '{$username}'"
$sql = "INSERT INTO users (`username`, `password`, `email`) VALUES ('{$username}', '{$password}', '{$email}' '{$sex}')"
确定替换这些行并再次检查这将最多需要2分钟
$sql = "SELECT id FROM users WHERE email = '".$email."'";
$sql = "SELECT id FROM users WHERE username = '".$username."'";
$sql = "INSERT INTO users (`username`, `password`, `email`) VALUES ('".$username."', '".$password."', '".$email."' '".$sex."')";