我一直在学习本教程,用于构建简单的注册/登录脚本。
http://forum.codecall.net/topic/69771-creating-a-simple-yet-secured-loginregistration-with-php5/
我是PHP的新手,但我有很多使用C ++的经验,所以我认为转换不会太难,我只需要弄清楚语法。我也在大学时非常快速地介绍了mySQL,所以我认为在用户注册时使用mySQL来检查现有的用户名要容易得多,尽管我的知识并不太好。我认为这样的事情会起作用;
SELECT username
FROM codecalltut
WHERE username = username;
这实际上有用吗?它是从数据库codecalltut中选择用户名然后检查输入的用户名是否已经是用户名?即使这是正确的,我也不知道如何将它包含在我的PHP中。
我尝试过使用
$qry = "SELECT username
FROM codecalltut
WHERE username = username;"
但是当它移动到下一个语句时我只是得到语法错误。
<?php
$qry = "SELECT username
FROM codecalltut
WHERE username = username;"
//if register button was clicked.
} else {
$usr = new Users; //create new instance of the class Users
$usr->storeFormValues( $_POST ); //store form values
//if the entered password is match with the confirm password then register him
if( $_POST['password'] == $_POST['conpassword'] ) {
echo $usr->register($_POST);
} else {
//if not then say that he must enter the same password to the confirm box.
echo "Password and Confirm password not match";
}
}
?>
这是用于构建数据库的查询:
CREATE DATABASE `codecalltut` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `codecalltut`;
CREATE TABLE IF NOT EXISTS `users` (
`userID` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(50) NOT NULL,
`password` varbinary(250) NOT NULL,
PRIMARY KEY (`userID`,`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;
这是用户点击“注册”
时的HTML代码<li class="buttons">
<input type="submit" name="register" value="Register" />
<input type="button" name="cancel" value="Cancel" onclick="location.href='index.php'" />
</li>
答案 0 :(得分:1)
您是否省略了执行查询的部分?我只看到你将查询分配给变量但不执行它。
我看到你正在使用PDO,因此你不应该将你要检查的用户名连接到查询中,因为它会让你对SQL注入开放。我假设你的数据库对象叫做“$ con”,你的表是codecalltut。这样做:
$qry = "SELECT * FROM codecalltut WHERE username=?";
$stmt = $con->prepare($qry);
$stmt->execute(array($_POST['username']));
$exists = ($stmt->rowCount() === 1) ? true : false;
答案 1 :(得分:1)
您的注册HTML表单
<form action='' method='POST'>
<input type='text' name='username' />
<input type='password' name='password' />
<input type='password' name='re-password' />
<input type='submit' name='submit' />
</form>
您的PHP代码
if($_POST){
if(empty($_POST['username']) && empty($_POST['password']) && empty($_POST['re-password'])) {
echo 'Please enter all fields';
}else {
$username = $_POST['username'];
$password = $_POST['password'];
$re_password = $_POST['re-password'];
if($password !== $re_password){
echo 'Both passwords do not match';
}else {
$db_name =
$db_user =
$db_pass =
$conn = new PDO('mysql:host=localhost;dbname=xxx', 'xxx', 'xxx',
array( PDO::ATTR_PERSISTENT => true )
);
$stmt = $conn->prepare("SELECT username,password FROM users WHERE username = ? AND password = ?");
$stmt->execute(array($username, $password));
if($stmt->rowCount() === 0 ) {
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?,?)");
$stmt->execute(array($username, $password));
if($stmt->rowCount() ===1){
echo 'Registration complete';
}else {
echo 'Sorry, unknown error: please try again later';
}
}else {
echo 'Sorry, the username '.$username.' already exists';
}
}
}
}
答案 2 :(得分:0)
删除最后一个;:
$qry = "SELECT username
FROM codecalltut
WHERE username = username;";
REMOVE THIS --^ ^----ADD THIS
答案 3 :(得分:0)
'单引号将字符串括起来,如下所示:
$qry = "SELECT username FROM codecalltut WHERE username = 'username' ";
另外,如果你在里面写,任何可能与数据库语言本身冲突的表,行名,请确保用反引号(`)
将它们括起来。<强> bytheway
一个简单的登录脚本就可以解决这个问题。 (希望您使用PDO或mysqli代替mysql函数与数据库进行交互
// set isset(), to validate if form is submited and then
$username = $_POST['username'];
$pass= $_POST['pass'];
现在,代码。
$conn = new PDO('mysql:host=localhost; dbname=***;', 'db-user', 'user-pass');
$stmt = $conn->prepare("SELECT username,password from members WHERE username = ? AND password = ?");
$stmt->execute(array($username, $password));
if($stmt->rowCount() === 1){
echo 'welcome'.$username;
}else {
echo $username.' is not found'
}