注册表单的SQL问题

时间:2013-10-15 19:32:43

标签: php mysql forms registration username

我已经创建了一个注册表(见下面的代码)。密码有两个字段,第二个用作检查字段,在表单提交时我检查字段中的输入是否匹配。如果没有成功发送消息,则密码不匹配但新用户记录仍插入数据库。如果密码字段不匹配,如何防止记录插入?

以下是代码:

<?php

    $username = isset( $_POST["username"] ) ? $_POST["username"] : "";
    $password = isset( $_POST["password"] ) ? $_POST["password"] : "";
    $confirm = isset( $_POST["confirm"] ) ? $_POST["confirm"] : "";

    if( !empty( $username ) && !empty( $password ) ) {

        if( $password != $confirm )
            header( "location:registration.php?msg = Password does not be match." );

        $host = "localhost";
        $user = "i have put my username here";
        $pass = "i have put my pass here";

        $link = mysql_connect( $host,$user,$pass ) or die( mysql_error() );   
        mysql_select_db( "web_db",$link );   
        $query = "SELECT * FROM users WHERE username = '".mysql_escape_string( $username )."'";   
        $result = mysql_query( $query );   
        $count = mysql_num_rows( $result );

        if( $count =  = 1 ) {
            header( "location:registration.php?msg = username already exists" );
        } else {  
            $qry = "INSERT INTO users( username,password )VALUES( '".mysql_escape_string( $username )."', '".mysql_escape_string( $password )."' )";  
            mysql_query( $qry );

            echo "You are successfully registered.";
        }

        mysql_close( $link );    
    } else {
        header( "location:registration.php?msg = Username or password cannot be blank." );
  }

2 个答案:

答案 0 :(得分:0)

试试这个:

if($password != $confirm){
    header("location:registration.php?msg=Password does not be match.");
    exit;
}
else {
    // rest of the code goes here
}

答案 1 :(得分:0)

if ($password != $confirm) {
   header("location:registration.php?msg=Password does not be match.");
   exit();
}

尝试使用上面的代码可能会有帮助。