如果有人能证实,我很乐意欣赏它。这可能是一个副本,我不知道。我查找了很多方法来检查数据库中的相同用户名,这是我的结果。我也会接受改进。
$con = mysqli_connect("localhost", "root", "", "testdb") or die("Error " . mysqli_error($con));
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '".$username."'");
if ($row = mysqli_fetch_array($result) > 0) {
if ($_POST['username'] == $row['username']){
$error = true;
$username_error = "Username is already in use.";
}
}
编辑:完整代码:
<?php
session_start();
if(isset($_SESSION['user_id'])) {
header("Location: index.php");
}
include_once 'dbconnect.php';
//set validation error flag as false
$error = false;
//check if form is submitted
if (isset($_POST['signup'])) {
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$username = mysqli_real_escape_string($con, $_POST['username']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$cpassword = mysqli_real_escape_string($con, $_POST['cpassword']);
$quote = mysqli_real_escape_string($con, $_POST['quote']);
$who = mysqli_real_escape_string($con, $_POST['who']);
//name can contain only alpha characters and space
$db = new PDO("mysql:host=localhost;dbname=testdb;charset=utf8", "root", "awesome1426!$@^");
$query = $db->prepare("SELECT * FROM users WHERE username=?");
$query->bindParam(1, $username, PDO::PARAM_STR);
if ($query->fetch()) {
// Username is duplicate
$error = true;
$username_error = "no";
} else {
}
if (!preg_match("/^[a-zA-Z ]+$/",$first_name)) {
$error = true;
$firstname_error = '<div class="error-notice">
<div class="oaerror danger">
<strong>Uh oh!</strong> - First Name must contain only alphabets and space.
</div>';
}
if (!preg_match("/^[a-zA-Z ]+$/",$last_name)) {
$error = true;
$lastname_error = '<div class="error-notice">
<div class="oaerror danger">
<strong>Uh oh!</strong> - Last Name must contain only alphabets and space.
</div>';
}
if(!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$error = true;
$email_error = '<div class="error-notice">
<div class="oaerror danger">
<strong>Uh oh!</strong> - Please Enter Valid E-mail.
</div>';
}
if(strlen($password) < 6) {
$error = true;
$password_error = '<div class="error-notice">
<div class="oaerror danger">
<strong>Uh oh!</strong> - Password must be minimum of 6 characters.
</div>';
}
if($password != $cpassword) {
$error = true;
$cpassword_error = '<div class="error-notice">
<div class="oaerror danger">
<strong>Uh oh!</strong> - Make sure your passwords match.
</div>';
}
if (!$error) {
if(mysqli_query($con, "INSERT INTO users(first_name,last_name,username,email,password,quote,who) VALUES('" . $first_name . "', '" . $last_name . "', '" . $username . "', '" . $email . "', '" . md5($password) . "', '" . $quote . "', '" . $who . "')")) {
$successmsg = '<div class="error-notice">
<div class="oaerror success">
<strong>Wooh!</strong> - Successfully Registered! <a href="login.php">Click here to Login</a>
</div>';
} else {
$errormsg = '<div class="error-notice">
<div class="oaerror info">
<strong>Hmm.</strong> - Error in registering...Please try again later.
</div>';
}
}
}
?>
我在这里的代码末尾收到错误。 Error in registering...Please try again later.
我不确定发生了什么。
答案 0 :(得分:-2)
为什么不检查$ _POST [&#34;用户名&#34;]的值是否在数据库中而不是与$ row进行比较?
即:
$con = mysqli_connect("localhost", "root", "", "testdb") or die("Error " . mysqli_error($con));
$usr = $_POST["username"];
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '$usr'");
if (mysqli_fetch_array($result) > 0) {
$error = true;
$username_error = "Username is already in use.";
}
}
如果用户名已经在数据库中,这将计算在内!