我已经四处寻找,但我找不到能正常工作的东西。 我有输入:用户名,密码和电子邮件。
我想检查用户名和电子邮件,并知道它们是否存在于数据库中。
如果是,则会给出na错误,如果没有,则会创建一个新帐户。
所以这是我现在的代码:
表单
<?php
function formulary() {
?>
<section class="container">
<div class="register">
<h1>Create an account</h1>
<form method="post">
<p><input type="text" name="username" value="" placeholder="Username" maxlength="25"></p>
<p><input type="password" name="password" value="" placeholder="Password" maxlength="25"></p>
<p><input type="email" name="email" value="" placeholder="E-Mail" maxlength="50"></p>
<div class="buttons">
<input type="submit" name="register" value="Register">
<input type="button" name="cancel" value="Cancel" onClick="window.location='login.php';">
</div>
</form>
</div>
</section>
<?php
}
?>
检查
<?php
function registNew() {
$con = mysqli_connect("localhost","root","","work");
$username = mysqli_real_escape_string($con , $_POST["username"]);
$password = mysqli_real_escape_string($con , $_POST["password"]);
$email = mysqli_real_escape_string($con , $_POST["email"]);
if(mysqli_connect_errno())
{
echo "Error MySQL: " .mysqli_connect_errno();
}
$sqlUser = "SELECT * FROM users WHERE username = '".$username."'";
$rs = mysqli_query($con ,$sqlUser);
$numUsers = mysqli_num_rows($rs);
if($numUsers > 0) {
echo "User already exists<br/>";
}
else
{
$sqlEmail = "SELECT * FROM utilizadores WHERE email = '".$email."'";
$rs = mysqli_query($con ,$sqlEmail);
$numEmails = mysqli_num_rows($rs);
if($numEmails > 0) {
echo "E-Mail already exists<br/>";
}
else
{
$newUser= "INSERT INTO utilizadores(username,password,email) VALUES('$username','$password','$email')";
if(mysqli_query($con ,$newUser))
{
echo "Account has been created!<br/>";
mysqli_close($con);
header('Location: login.php');
}
else
{
echo "Error at adding user<br/>";
header("refresh:5;url=register.php");
}
}
}
}
?>
结束
<?php
if(!isset($_SESSION)) {
session_start();
}
if(!isset($_POST["register"]))
{
formulary();
}
else
{
registNew();
}
?>
创建不存在的帐户的输出是:
添加用户时出错
我对PHP很陌生,所以我不确定是什么问题。是因为我对用户名和电子邮件使用相同的变量(检查/ sql / etc变量),或者我只是做错了吗?
知道为什么这不起作用吗?
答案 0 :(得分:1)
我编辑了registNew函数的第一部分,以检查是否有任何结果。一切都当然是逃脱的,所以你是安全的。
function registNew() {
$con = mysqli_connect("localhost","root","","work");
$username = mysqli_real_escape_string($con, $_POST["username"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
$email = mysqli_real_escape_string($con, $_POST["email"]);
if(mysqli_connect_errno())
{
echo "Error MySQL: " .mysqli_connect_errno();
}
$rsUsers = mysqli_query($con,"SELECT * FROM users WHERE username = '".$username."'");
$rsEmails = mysqli_query($con,"SELECT * FROM users WHERE email = '".$email."'");
$numUsers = mysqli_num_rows($rsUsers);
$numEmails = mysqli_num_rows($rsEmails);
if($numUsers > 0 || $numEmails > 0) {
echo "User already exists";
}
else
{
$newUser= "INSERT INTO users(username,password,email) VALUES('$username','$password','$email')";
if(mysqli_query($con,$newUser))
{
echo "Account has been created<br/>";
/* header('Location: login.php'); */
}
else
{
echo "Error at adding user<br/>";
header("refresh:5;url=register.php");
}
}
}