<?php
if(isset($_POST['name_signup'])) {
if($_POST['pass_signup']==$_POST['pass_a_signup']){
$select=mysql_num_rows(mysql_query("SELECT * FROM users WHERE nick='".$_POST['nick_signup']."'"));
if($select=!0){
$name=$_POST['name_signup'];
$secondname=$_POST['secondname_signup'];
$nick=$_POST['nick_signup'];
$pass=$_POST['pass_signup'];
$mail=$_POST['email_signup'];
$passx=md5(md5($pass));
include 'db.php';
mysql_query("INSERT INTO users(firstname,secondname,nick,pass,email,date)VALUE('".$name."','".$secondname."','".$nick."','".$passx."','".$mail."',NOW())");
echo "Succesfully Signed up";
echo'<meta http-equiv="refresh" content="3;URL=../index.php">';
}else {
echo "Username used";
echo'<meta http-equiv="refresh" content="3;URL=../index.php?page=signup">';
}
}
else{
echo'Passwords do not match';
echo'<meta http-equiv="refresh" content="1;URL=../index.php?page=signup">';
}
}
else {
echo'<meta http-equiv="refresh" content="0;URL=../index.php">';
}
?>
答案 0 :(得分:1)
不推荐使用mysql扩展程序,您应该停止使用它。而是尝试mysqli或PDO。
您的代码中存在错误:
if($select=!0){
你应该这样纠正:
if($select!=0){
再次,停止使用mysql。并开始使用预准备语句或您的代码存在SQL注入的危险
答案 1 :(得分:0)
请不要使用mysql_ ()使用mysqli _ ()作为mysql _ *()折旧
将此if($select=!0){更新为"if($select > 0){"或
$qry = mysql_query("SELECT * FROM users WHERE nick= '".$_POST['nick_signup']."' ");
$select=mysql_num_rows(
$qry);
if($select > 0){