Question

我正在使用mysqli创建用户注册系统我想验证用户名和电子邮件是否已经注册，但之前仅使用电子邮件它现在已经工作我添加了用户名错误可以帮助我。以下是我尝试使用现有用户名和电子邮件注册时获得的内容

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home/u676515643/public_html/alter_signup.php on line 51
That emailaddress has already been registered.

PHP

<?php

include($root . 'database_connection.php');
if (isset($_POST['formsubmitted'])) {
    $error = array(); //Declare An Array to store any error message
    if (empty($_POST['username'])) { //if no name has been supplied
        $error[] = 'Please Enter a Username '; //add to array "error"
    } else {
        $username = $_POST['username']; //else assign it a variable
    }

    if (empty($_POST['email'])) {
        $error[] = 'Please Enter your Email ';
    } else {

        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",
            $_POST['email'])) {
            //regular expression for email validation
            $email = $_POST['email'];
        } else {
            $error[] = 'Your EMail Address is invalid  ';
        }

    }

    if (empty($_POST['password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $password = $_POST['password'];
    }

    if (empty($error)) //send to Database if there's no error '

    { // If everything's OK...

        // Make sure the email address is available:
        $query_verify_email = "SELECT * FROM users  WHERE email ='$email'";
        $result_verify_email = mysqli_query($db_conn, $query_verify_email);
        if (!$result_verify_email) { //if the Query Failed ,similar to if($result_verify_email==false)
            echo ' Database Error Occured ';
        }


        // Make sure the usernaame is available:
        $query_verify_user = "SELECT * FROM users  WHERE username ='$username'";
        $result_verify_user = mysqli_query($db_conn, $query_verify_user);
        if (!$result_verify_user) { //if the Query Failed ,similar to if($result_verify_user==false)
            echo ' Database Error Occured ';
            }

if (mysqli_num_rows($result_verify_users) == 0) { 



        if (mysqli_num_rows($result_verify_email) == 0) { 
         // IF no previous user is using this email .


            // Create a unique  activation code:
            $activation = md5(uniqid(rand(), true));

            $query_insert_user = "INSERT INTO `users` ( `username`, `password`, `email`, `active`) VALUES ( '$username', '$password', '$email', '$activation')";

            $result_insert_user = mysqli_query($db_conn, $query_insert_user);
            if (!$result_insert_user) {
                echo 'Query Failed ';
            }

            if (mysqli_affected_rows($db_conn) == 1) { //If the Insert Query was successfull.

                // Send the email:
                $message = " To activate your account, please click on this link:\n\n";
                $message .= WEBSITE_URL . '/activate.php?email=' . urlencode($email) . "&key=$activation";
                mail($email, 'Registration Confirmation', $message, 'From:'.EMAIL);

                // Flush the buffered output.

                // Finish the page:
                echo '<div class="success">Thank you for
registering! A confirmation email
has been sent to ' . $email .
                    ' Please click on the Activation Link to Activate your account </div>';

            } else { // If it did not run OK.
                echo '<div class="errormsgbox">You could not be registered due to a system
error. We apologize for any
inconvenience.</div>';
            }

        } else { // The email address is not available.
            echo '<div class="errormsgbox" >That emailaddress has already been registered.</div>';
     }

}else { // The username is not available.
            echo '<div class="errormsgbox" >The username has already been taken.</div>';
   }

    } else { //If the "error" array contains error msg , display them

        echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {

            echo '  <li>' . $values . '</li>';

        }
        echo '</ol></div>';

    }

    mysqli_close($db_conn); //Close the DB Connection

} // End of the main Submit conditional.

?>

Answer 1

在第51行，你应该使用：

if (mysqli_num_rows($result_verify_user) == 0) {

而不是：

if (mysqli_num_rows($result_verify_users) == 0) {

Answer 2

您调用变量＆＃34; $ result_verify_user＆＃34;，然后尝试从第51行的不同命名的，未声明的变量＆＃34; $ result_verify_user s 获取行计数

此外，不要直接在SQL查询中使用从用户传递的变量，您应该事先将它们转义，否则人们可以执行SQL注入。例如，某人制作了用户名＆＃34;＆＃39; DELETE * FROM users; bill＆＃39;＆＃34;，您丢失了用户表。您可以轻松解决此问题，请查看here。

最后，PHP有更好的内置方法来检查电子邮件地址是否有效，你可能想要使用这样的东西：

$isValidEmail = filter_var($address, FILTER_VALIDATE_EMAIL);

filter_var docs here：https://secure.php.net/filter_var

Answer 3

您应该让数据库处理查找数据集是否已存在的任务。

在两列上创建唯一索引＆＃34;用户名＆＃34;和＆＃34;电子邮件＆＃34;。这将防止任何用户名重复，以及任何电子邮件。

只需尝试插入新用户数据，然后等待报告任何MySQL错误。除了由于SQL拼写错误等导致的任何意外错误外，预期的错误将是重复键错误，错误号为1062.请参阅Handle error for duplicate entries - PHP MySQL（并且不要使用那里提到的旧mysql函数）

Answer 4

检查出来：http://php.net/manual/en/filter.examples.sanitization.php

在我看来，这似乎更有效率。我希望这会有所帮助。

Mysqli用户名和电子邮件验证php

4 个答案: