我的PHP注册脚本出现问题,如果用户存在,首先会检查。
它总是输出“false”。
<?php
$username = $_GET['username'];
$passwort = $_GET['passwort'];
$database = @mysql_connect("***********", "********", "******") or die("Can't connect to the server. Error: ".mysql_error());
//$username = mysql_real_escape_string($username);
$passwort = hash("sha256", $passwort);
$numrows = mysql_query("SELECT * FROM *******.mikgames WHERE username='".$username."' LIMIT 1");
$checkuserexists = mysql_num_rows($numrows);
if($checkuserexists==0) {
$abfrage = mysql_query("INSERT INTO *******.mikgames (username,passwort) VALUES ('$username', '$passwort')");
echo'true';
}
else {
echo'false';
}
?>
编辑:现在我使用MySQLi,我已将代码更改为:
<?php
$username = $_GET['username'];
$passwort = $_GET['passwort'];
$con = mysqli_connect('************','******','******') or die(mysqli_error());
mysqli_select_db($con, "*******") or die("cannot select DB");
$passwort = hash("sha256", $passwort);
$query = mysqli_query($con,"SELECT * FROM *******.mikgames WHERE username='".$username."'");
$result = mysqli_num_rows($query);
if($result==0) {
$abfrage = mysqli_query($con, "INSERT INTO ********.mikgames (username,passwort) VALUES ('$username', '$passwort')");
$result = mysqli_query($con,$abfrage);
echo 'true';
}
else {
echo 'false';
}
?>
它有效。
答案 0 :(得分:1)
您可以更好地采用PDO驱动程序并采用OOP方法; PDO通过允许安全参数绑定来调用安全性,并使用SQL首选函数。
在pdo_driver.php文件中:
namespace ProjectName\App\Drivers;
if(!defined('IN_PROJECTNAME'))
{
die('No Script Kiddies Please...');
}
interface EntityContainer
{
public function query($statement, array $values = array());
}
class Entity extends \PDO implements EntityContainer
{
public function __construct(
$dsn = 'mysql:host=XXXX;dbname=XXXX', $user = 'XXXX', $pass = 'XXXX'
) {
try {
parent::__construct($dsn,$user,$pass);
} catch (PDOException $ex) {
die('FATAL ERROR: ' . $ex->getMessage());
}
}
public function query(
$statement, array $values = array()
) {
$smpt = parent::Prepare($statement);
(empty($values)) ? $smpt->execute() : $smpt->execute($values);
return $smpt;
}
}
在任何其他php文件中:
define('IN_PROJECTNAME', 0);
require_once dirname(__FILE__) . '/path/to/pdo_driver.php';
$container = array();
$container['Connection'] = new ProjectName\App\Drivers\Entity();
$username = $_GET['username'];
$passwort = $_GET['passwort'];
if(empty($container['Connection']->query('SELECT passwort FROM ******.mikgames WHERE username = ?', [$username])->fetch()['passwort'])) {
$container['Connection']->query('INSERT INTO ******.mikgames (username,passwort) VALUES (?, ?)', [$username,$passwort]);
}
答案 1 :(得分:0)
两个因素:
您需要添加错误输出以进行调试:
$query = mysqli_query($con,"SELECT * FROM <tablename> WHERE
username='".$username."'") or die(mysqli_error($con));
到目前为止,我无法看到您在此处显示的信息出现明显错误,因此您还应该检查$username的值是什么以及它与数据库中的值的拟合程度。还要阅读并了解错误输出告诉您的内容。
你的问题是你在这里运行/表达两次查询:
if($result==0) {
$abfrage = mysqli_query($con, "INSERT INTO ********.mikgames
(username,passwort) VALUES ('$username', '$passwort')");
$result = mysqli_query($con,$abfrage);
您看到$abfrage是MySQL结果对象,然后您将其插回到MySQL查询调用中,并使用变量声明$result。所以你的结果是查询查询。这是一个错误。
您可能想要做的是使用MySQLi_affected_rows来计算已插入的行数并运行相应的IF子句:
if($result==0) {
$abfrage = mysqli_query($con, "INSERT INTO ********.mikgames
(username,passwort) VALUES ('$username', '$passwort')");
$result = mysqli_affected_rows($con);
echo 'true';
}
else {
echo 'false';
}
答案 2 :(得分:0)
使用@mysql _ *****作为你的ptoject。
$sql="SELECT * FROM table_name";
$result=@mysql_query($sql, $conn);
while ($name = @ mysql_fetch_array($result)){
echo $name ['username'];
}
您刚刚使用了简单的mysql _ ***