Question

我正在开展一个项目，我被困在注册页面上。我想验证是否：

手机号码已存在。
用户名已存在。
电子邮件ID已存在。

目前在我的代码中我添加了手机号码的验证，它运行正常。但用户名和电子邮件部分我不了解如何实现它。请帮我解决我的问题。

这是我的代码。

<?php
$msg = '';
if(isset($_POST['register']))
{
    $uname = (!empty($_POST['username']))?$_POST['username']:null;
    $pass = (!empty($_POST['pass']))?$_POST['pass']:null;
    $cpass = (!empty($_POST['cpass']))?$_POST['cpass']:null;
    $fname = (!empty($_POST['fname']))?$_POST['fname']:null;
    $lname = (!empty($_POST['lname']))?$_POST['lname']:null;
    $email = (!empty($_POST['email']))?$_POST['email']:null;
    $mobile = (!empty($_POST['mobile']))?$_POST['mobile']:null;

if($uname == '' || $pass == '' || $cpass == '' || $fname == '' || $lname == '' || $email == '' || $mobile == ''){
    $msg = "<font color='red'>Fields cannot be empty</font>";
}else if(strlen($uname)<5){
    $msg = "<font color='red'>Username must be at least 5 characters long</font>";
}else if(strlen($pass)<6 && strlen($cpass)<6){
    $msg = "<font color='red'>Password must be at least 6 characters long</font>";
}else if($pass != $cpass){
    $msg = "<font color='red'>Passwords are not matching</font>";
}else if(!is_numeric($mobile)){
    $msg = "<font color='red'>Mobile number should contain only numbers</font>";
}else if(strlen($mobile)<10){
    $msg = "<font color='red'>Mobile number should be at least 10 characters long</font>";
}else{

        $query = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$mobile."'";
        $query1 = mysql_query($query) or die(mysql_error());
        $num_rows = mysql_num_rows($query1);
        $row = mysql_fetch_array($query1);

        if($num_rows > 0)
        {
          $msg = "<font color='red'>Mobile number already exists. Please try again...</font>";
        }
else{
    $str = "INSERT INTO user_reg(user_email, user_uname, user_pass, user_fname, user_lname, user_mobile)VALUES('$email','$uname','$pass','$fname','$lname','$mobile')";
    $sql = mysql_query($str) or die(mysql_error());

if($sql){
    $msg = "<font color='green'>Regstration successfull. Please Login to use your account.</font>";
    }else{
    $msg = "<font color='red'>Sorry.. There are some errors. Please fix them before you continue.</font>";
   }
  }
 }
}
?>

HTML部分。

<div class="reg-box"><br />
  <center>
    <?php echo $msg; ?>
  </center>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <div>
      <label>Username</label>
      <input type="text" name="username" value="" class="a-text" />
    </div>
    <div>
      <label>Password</label>
      <input type="password" name="pass" value="" class="a-text" />
    </div>
    <div>
      <label>Confirm Password</label>
      <input type="password" name="cpass" value="" class="a-text" />
    </div>
    <div>
      <label>First Name</label>
      <input type="text" name="fname" value="" class="a-text" />
    </div>
    <div>
      <label>Last Name</label>
      <input type="text" name="lname" value="" class="a-text" />
    </div>
    <div>
      <label>Email</label>
      <input type="email" name="email" value="" class="a-text" />
    </div>
    <div>
      <label>Mobile</label>
      <input type="text" name="mobile" value="" class="a-text" maxlength="10" />
    </div>
    <input type="submit" name="register" value="Register" class="button" id="button-left" />
  </form>
</div>

我该怎么做才能添加用户名和电子邮件验证？请帮帮我朋友。

Answer 1

评论中已经说明您的代码使用起来不安全。

使用prepared statements和现代password hashing方法。

查阅我的脚注。

要回答这个问题，请使用以下内容：

$query = "SELECT * FROM user_reg 
WHERE user_mobile = '".$mobile."'

AND user_email = '$email' 
AND user_uname = '$uname' 

";

这将符合所有条件。
您可以使用OR或其混合来分隔条件，以便检查“任何”条件。我会让你决定应该满足哪些条件。

<强>脚注：

您目前的代码向SQL injection开放。使用mysqli with prepared statements或PDO with prepared statements，它们更安全。

密码：

我注意到您可能以纯文本格式存储密码。如果是这种情况，则非常气馁。

但是我还没有使用我稍后会使用的MD5加密。

另外，您提到要在通讯中使用MD5。 不要使用它。它已经过时，不再可以安全地用作密码哈希/存储方法。

我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()功能。对于PHP＆lt; 5.5使用password_hash() compatibility pack。

Answer 2

@Jha，看来你很困惑。我知道，有点奇怪。但如果我是你，我会过去：

<?php
$msg = '';

if (isset($_POST['register'])) {

    $uname  = (!empty($_POST['username'])) ? $_POST['username'] : null;
    $pass   = (!empty($_POST['pass'])) ? $_POST['pass'] : null;
    $cpass  = (!empty($_POST['cpass'])) ? $_POST['cpass'] : null;
    $fname  = (!empty($_POST['fname'])) ? $_POST['fname'] : null;
    $lname  = (!empty($_POST['lname'])) ?$_POST['lname'] : null;
    $email  = (!empty($_POST['email'])) ?$_POST['email'] : null;
    $mobile = (!empty($_POST['mobile'])) ?$_POST['mobile'] : null;

    if ($uname == '' || $pass == '' || $cpass == '' || $fname == '' || $lname == '' || $email == '' || $mobile == '') {
        $msg = "<font color='red'>Fields cannot be empty</font>";

    } else if (strlen($uname) < 5) {
        $msg = "<font color='red'>Username must be at least 5 characters long</font>";

    } else if (strlen($pass) < 6 && strlen($cpass) < 6) {
        $msg = "<font color='red'>Password must be at least 6 characters long</font>";

    } else if ($pass != $cpass) {
        $msg = "<font color='red'>Passwords are not matching</font>";

    } else if (!is_numeric($mobile)) {
        $msg = "<font color='red'>Mobile number should contain only numbers</font>";

    } else if (strlen($mobile) < 10) {
        $msg = "<font color='red'>Mobile number should be at least 10 characters long</font>";

    } else {
        //query for mobile validation
        $m_sql      = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$mobile."'";
        $m_query    = mysql_query($m_sql) or die(mysql_error());
        $m_num_rows = mysql_num_rows($m_query);
        $m_row      = mysql_fetch_array($m_query);

        //query for username validation
        $u_sql      = "SELECT user_mobile FROM user_reg WHERE user_mobile = '".$uname."'";
        $u_query    = mysql_query($u_sql) or die(mysql_error());
        $u_num_rows = mysql_num_rows($u_query);
        $u_row      = mysql_fetch_array($u_query);

        //query for email validation
        $e_sql      = "SELECT user_email FROM user_reg WHERE user_mobile = '".$email."'";
        $e_query    = mysql_query($e_sql) or die(mysql_error());
        $e_num_rows = mysql_num_rows($e_query);
        $e_row      = mysql_fetch_array($e_query);

        if ($m_num_rows > 0) {
            $msg = "<font color='red'>Mobile number already exists. Please try again...</font>";

        } else if ($u_num_rows > 0) {
            $msg = "<font color='red'>Username already exists. Please choose a unique one...</font>";

        } else if ($e_num_rows > 0) {
            $msg = "<font color='red'>Email already exists. Please choose a unique one...</font>";

        } else {
            $str = "INSERT INTO user_reg(user_email, user_uname, user_pass, user_fname, user_lname, user_mobile)VALUES('$email','$uname','$pass','$fname','$lname','$mobile')";
            $sql = mysql_query($str) or die(mysql_error());

            if ($sql) {
                $msg = "<font color='green'>Regstration successfull. Please Login to use your account.</font>";
            } else {
                $msg = "<font color='red'>Sorry.. There are some errors. Please fix them before you continue.</font>";
            }
        }
    }
}

＆GT;

Answer 3

除了修复代码以使其不易受SQL注入攻击之外，您应该更改查询以使用OR运算符同时检查所有三个输入。

$query = "SELECT * FROM user_reg WHERE user_mobile = '".$mobile."' OR user_uname = '".$uname."' OR user_email = '".$email."'";

然后，如果你有任何点击，你可以查看它是什么：

if($query1->num_rows > 0){
        while($field = $query1->fetch_assoc()){
            if($field['user_mobile'] === $mobile){
                 $msg = $msg . "<font color='red'> Mobile number already exists. Please try again...</font>";
            }
            if($field['user_email'] === $email){
                $msg = $msg . "<font color='red'> Email already exists. Please choose a unique one...</font>";
            }
            if($field['user_uname'] === $uname){
                 $msg = $msg . "<font color='red'> Username already exists. Please choose a unique one...</font>";
            }
        }
    }

但与其他人说的一样，您将要切换到使用MySQLi或PDO_MySQL

来自数据库的PHP验证

3 个答案: