我是PHP的新手。下面的代码已经从我在网上找到的众多教程中拼凑而成,它正在按照我的方式工作。我收到了来自导师的电子邮件,要求我们添加可防止输入重复电子邮件地址的代码。我有需要添加的代码,但我不知道它应该去哪里。
以下是现有代码:
<?
include('config.php');
// table name
$tbl_name=temp_members;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// values sent from form
$email=$_POST['email'];
$password=$_POST['password'];
$firstname=$_POST['firstName'];
$lastname=$_POST['lastName'];
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname, lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);
// if suceesfully inserted data into database, send confirmation link to email
if($result){
// ---------------- SEND MAIL FORM ----------------
// send e-mail to ...
$to=$email;
// Your subject
$subject="Francis Flower confirmation link";
// From
$headers="from: Francis Flower Admin <francis.flower.contact@gmail.com>";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
// Your message
$message = '<html><head>';
$message .= '<style type="text/css">
body {
font-family: Helvetica, Arial;
}
.center {
text-align: left;
}
</style>';
$message .= '<body><div class="center"><img src="http://www.jblanksby.yourwebsolution.net/images/logo.png"/>';
$message .= "<p>Dear " .$_POST['firstName']. " " .$_POST['lastName'].", </p>";
$message .= '<p>Thank you for signing up for an account at Francis Flower. </p>';
$message .= '<p>Your new account details are below: </p>';
$message .= "<p>Email Address: ".$_POST['email']. "</p>";
$message .= "<p>Password: " .$_POST['password']. "</p>";
$message .= "<p>Before you can login, you need to activate your account using the link below:</p>";
$message .= "<p>Click on this link to activate your account</p>";
$message .= "<p>http://jblanksby.yourwebsolution.net/confirmation.php?passkey=$confirm_code</p>";
$message .= '</div></body></html>';
// send email
$sentmail = mail($to,$subject,$message,$headers);
}
// if not found
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){ ?>
echo "Mail has been sent";
} else {
echo "Mail has not been sent"};
?>
以下代码捕获了我希望包含在上述代码中的重复电子邮件:
$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result = mysql_query($query);
if ( mysql_num_rows ( $result ) > 1 )
{
/* Username already exists */
echo 'Username already exists';
}
else
{
/* Username doesn't exist */
/* .. insert query */
}
任何助理都会很棒!
答案 0 :(得分:0)
应该在执行INSERT语句之前放置它。
请注意,您的脚本容易受到SQL注入攻击。至少要在mysql_real_escape_string()输入值上调用$_POST:
// Get email from the form before checking if it was already inserted
// you don't need the other form values yet...
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result_eml = mysql_query($query);
// Added some error checking here to make sure the query succeeded
// Also here, check for > 0, not > 1 -- you want to find out if 1 or more rows exist, not that 2 or more exist...
if ( $result_eml && mysql_num_rows ( $result_eml ) > 0 )
{
/* Username already exists */
echo 'Username already exists';
}
else if (!$result) {
// error in query
}
else
{
// table name
$tbl_name=temp_members;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// Other values sent from form
$password = mysql_real_escape_string($_POST['password']);
$firstname = mysql_real_escape_string($_POST['firstName']);
$lastname = mysql_real_escape_string($_POST['lastName']);
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname, lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);
// etc....
}
我不确定这是用于作业还是生产代码,但我要补充一点,通过电子邮件发送用户密码是一个非常糟糕的主意。电子邮件基本上就像一张明信片 - 除非你用加密方式发送它(这些天几乎没有人发送过),任何服务器管理员都可以从网络路径上的任何地方读取它,从发送点到接收点。
答案 1 :(得分:0)
你可以做几件事。您可以在数据库上放置一个unquie密钥,在插入重复行时会出现mysql错误。
您也可以在使用当前数据进行插入之前检查数据库,以确保在插入之前没有返回任何行。
这些只是您可以使用的一些想法。
另外,请查看using PDO