Question

所以我正在Ruby / Sinatra中构建登录/注册页面，我正在尝试添加一些逻辑，以便如果有人尝试使用正在使用的电子邮件注册，它会告诉他们，并且不允许他们注册

require 'rubygems'
require 'sinatra'
require 'mysql'

get "/" do
        erb :form
end

post "/" do

begin
        con = Mysql.new('localhost', 'tut', 'tut', 'recruited_users')
        auth = con.query('SELECT school FROM users WHERE email = "#{params[:email]}" AND password = "#{params[:password]}"')
        auth.fetch_row
        ensure
                con.close if con
        end
end

get '/signup' do
        erb :signup
end

post '/signup' do

begin
        con = Mysql.new('localhost', 'tut', 'tut', 'recruited_users')
        check_for_user = con.query("SELECT email FROM users WHERE email = '#{params[:email]}'")
        if check_for_user == ''
                "Sorry, but there is already an account for this user. The ID is '#{params[:check_for_user]}', please try again"
        else
                auth = con.query("INSERT INTO users (email, password, school) VALUES('#{params[:email]}', '#{params[:password]}', '#{params[:school]}')")
                "Succesfully created user #{params[:email]}"
        end
        ensure
                con.close if con
        end
end

问题是变量check_for_user没有收到任何值，至少没有我可以使用的值。我需要能够设置if语句，以便只有在数据库中尚不存在电子邮件时才能创建新用户。

Answer 1

首先，你不能在单个带引号的字符串中使用字符串插值（#{...}），它只适用于双引号字符串（或类似双引号字符串的%Q{...}之类的字符串）。其次，SQL中的字符串文字应该用单引号引用，MySQL和SQLite可以让你使用双引号，但这是一个坏习惯。第三，我们在1999年没有破解PHP，所以你不应该使用字符串插值来构建SQL，你应该使用占位符：

sth = con.prepare('select school from users where email = ? and password = ?')
sth.execute(params[:email], params[:password])
row = sth.fetch
if(!row)
    # Didn't find anything
else
    # The school is in row.first
end

将变量赋给mysql查询ruby

1 个答案: