我这是注册用户的一些代码。该代码有效,并添加了一个新用户。但它似乎忽略了必须检查是否已经有用户名或电子邮件注册的用户的部分。
<?php
// Include database connection and functions here.
include 'db_connect.php';
include 'functions.php';
// The hashed password from the form
$password = $_POST['p'];
// Create a random salt
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Create salted password (Careful with the chilli)
$password = hash('sha512', $password.$random_salt);
$username = $_POST['username'];
$email = $_POST['email'];
$result = mysqli_query($con,"SELECT * FROM members
WHERE username='$username'");
$username_check = mysqli_fetch_array($result);
$result_email = mysqli_query($con,"SELECT * FROM members
WHERE email='$email'");
$email_check = mysqli_fetch_array($result_email);
if ($username == $username_check['username']){
mysqli_close();
header("..\..\..\?error12");
exit;
}else{
if($email == $email_check['email']){
mysqli_close();
header("..\..\..\?error13");
exit;
}else{
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")){
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
$insert_stmt->execute();
header("Location: '..\..\..\?success=1'");
}else{
header("Location: '..\..\..\?registrationfailed=1'");
}}}?>
答案 0 :(得分:1)
试试这个
$result = mysqli_query($con,"SELECT * FROM members WHERE username='$username'";
if(mysqli_num_rows($result) == 0){
//This means no match was found in the database then proceed
$insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")){
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
$insert_stmt->execute();
header("Location: '..\..\..\?success=1'");
}else{
//This username already exists
mysqli_close();
header("..\..\..\?error12");
exit;
}
以上也可以用来检查用户的电子邮件