I have searched and looked at other examples, but since I am a beginner I can't translate them to my own code. What I want to do is check the database to see whether the email has already been entered. If it has, I want it to tell them so, and each person should get only one entry. Any help would be greatly appreciated. Please bear in mind this is the first thing I have written that connects to a database.
<?php //data.php
// Get values from form
$name  = $_POST['name'];
$email = $_POST['email'];

$user_name = "user";
$password  = "password";
$database  = "dbname";
$server    = "ahostsomewhere";

// Connect with the legacy mysql_* extension and pick the database
$db_handle = mysql_connect($server, $user_name, $password);
$db_found  = mysql_select_db($database, $db_handle);

if ($db_found) {
    // The form values are spliced straight into the SQL text here
    $SQL = "INSERT INTO contestant_drawing (name, email) VALUES ('" . $name . "', '" . $email . "')";
    $result = mysql_query($SQL);
    echo "To finalize your entry like our FaceBook Page, Good Luck!";
    mysql_close($db_handle);
} else {
    print "Database NOT Found ";
    mysql_close($db_handle);
}
?>
Answer 0 (score: 0)
First things first: switch to Prepared Statements.
They are safer and a more advanced way of accessing the database.
<?php
// Get values from form (default to '' so a missing field is not an undefined-index notice)
$name  = $_POST['name']  ?? '';
$email = $_POST['email'] ?? '';

$user_name = "user";
$password  = "password";
$database  = "dbname";
$server    = "ahostsomewhere";

// Connect to your database using PDO (this only needs to be done once). $dbh is our connection.
// ERRMODE_EXCEPTION makes every failed query throw instead of silently returning false.
try {
    $dbh = new PDO("mysql:host=$server;dbname=$database;charset=utf8mb4", $user_name, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}
// Make sure there are no errors. Stop here if the connection failed (otherwise $dbh is undefined
// below), and keep the driver message in the server log rather than showing it to the visitor.
catch (PDOException $e) {
    error_log($e->getMessage());
    exit('Database NOT Found');
}

// Query to check if the email already exists
// This prepares the statement and uses a named placeholder (designated with a ':' colon)
$stmt = $dbh->prepare("SELECT COUNT(*) FROM `contestant_drawing` WHERE `email` = :email");
// This then binds the user's value to the placeholder; it travels separately from the SQL text
// and is never spliced into it, which is what defeats injection
$stmt->bindParam(':email', $email);
// Finally we execute the query
$stmt->execute();
// Read the count. PDO does not guarantee rowCount() for SELECT statements, so count in SQL instead.
if ((int) $stmt->fetchColumn() !== 0) {
    // Email already registered. Exit with a message
    exit('Email already exists');
}

// Email OK, continue with your queries
// You can reuse the variable $stmt because we don't need the previous statement anymore. If you had
// multiple queries running alongside one another you could use different variables ($stmt1, $stmt2,
// $foo, $bar etc), but we keep it the same to keep things simple.
$stmt = $dbh->prepare("INSERT INTO `contestant_drawing`
                       (`name`, `email`)
                       VALUES (:name, :email)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':email', $email);
$stmt->execute();

echo "To finalize your entry like our FaceBook Page, Good Luck!";

// Disconnect from the database ($dbh)
$dbh = null;
?>
What I did was run a separate query that first searches the table for any existing entry using the user's email address. As long as none is found, the script continues.
Hopefully this also gives you some insight into how to do prepared statements. They ensure your database can't be tampered with using injection, which is very useful, and let you focus on writing a working script rather than sanitizing user input.
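The answer's SELECT-then-INSERT pattern works for a single visitor, but two submissions of the same email arriving at nearly the same moment can both pass the SELECT before either INSERT runs. The following is an added example, not code from the question or the answer: it keeps the `contestant_drawing` table and column names from the thread, but runs against an in-memory SQLite database so it can be executed without a MySQL server, adds a UNIQUE constraint on `email` (an assumption; the thread never shows the table definition) so the database itself enforces one entry per person, and shows that a hostile value bound through a prepared statement is stored as a plain string. `openTestDb` and `enterContestant` are hypothetical names chosen for this example.

```php
<?php
// Added example: duplicate-email check enforced by the database, not by a prior SELECT.
// Runs stand-alone on PHP with the pdo_sqlite extension. Table and column names come
// from the thread; the UNIQUE constraint and function names are assumptions.

function openTestDb(): PDO {
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE on email: a second row with the same address is rejected by the engine,
    // so the race between a SELECT check and the INSERT cannot produce two entries.
    $dbh->exec("CREATE TABLE contestant_drawing (
                    id    INTEGER PRIMARY KEY,
                    name  TEXT NOT NULL,
                    email TEXT NOT NULL UNIQUE
                )");
    return $dbh;
}

// One entry per email: attempt the INSERT and let the constraint decide.
function enterContestant(PDO $dbh, string $name, string $email): string {
    $stmt = $dbh->prepare(
        "INSERT INTO contestant_drawing (name, email) VALUES (:name, :email)"
    );
    try {
        // Values are sent as bound parameters, never concatenated into the SQL text.
        $stmt->execute([':name' => $name, ':email' => $email]);
        return 'Entered';
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate UNIQUE key)
        // in both MySQL and SQLite. errorInfo[0] holds the SQLSTATE for statement errors.
        $sqlstate = $e->errorInfo[0] ?? (string) $e->getCode();
        if ($sqlstate === '23000') {
            return 'Email already exists';
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
}

// Constructed sample submissions (not real contestants).
$dbh = openTestDb();

// A value crafted to break out of the string-concatenated INSERT in the question.
$hostile = "x@example.com', 'pwned'); --";

echo enterContestant($dbh, 'Alice', 'alice@example.com'), "\n";
// Same address a second time: the UNIQUE constraint, not a prior SELECT, stops it.
echo enterContestant($dbh, 'Alice again', 'alice@example.com'), "\n";
// The hostile string is just data to a prepared statement.
echo enterContestant($dbh, 'Mallory', $hostile), "\n";

// Confirm the hostile value was stored verbatim and never interpreted as SQL.
$stored = $dbh->prepare("SELECT email FROM contestant_drawing WHERE name = :name");
$stored->execute([':name' => 'Mallory']);
var_dump($stored->fetchColumn() === $hostile);
```

On MySQL the equivalent constraint is `ALTER TABLE contestant_drawing ADD UNIQUE (email);`, after which the same `23000` SQLSTATE is raised for a duplicate. Keeping the answer's SELECT is still fine as a friendly pre-check; the constraint is what guarantees the "one entry per person" rule when two requests overlap.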