如何检查数据库中是否已存在电子邮件并拒绝注册?
MySQL是教给我的人,我目前正在使用MySQLi。
以下是我目前正在使用MySQLi的代码:
onNewIntent (with FLAG_ACTIVITY_SINGLE_TOP)答案 0 :(得分:1)
尽管使用mysqli,您的代码仍然容易受到sql注入,因为您直接在sql语句中嵌入变量 - 使用预准备语句来避免令人讨厌的意外。以下内容未经过测试,但应说明如何使用预准备语句。有更好的方法可以对密码进行哈希处理 - 例如password_hash和password_verify,尽管这些在5.5之前的PHP版本中不可用
$response=array();
$cookie_name='loggedin';
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = '';
$dbname = 'scholarcaps';
$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
if( isset( $_POST['login'] ) ) {
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1( sha1( $pass . "salt" ) . "salt" );
$sql='select `username`, `password` from `users` where `username`=? and `password`=?';
$stmt=$db->prepare( $sql );
if( $stmt ){
$stmt->bind_param( 'ss', $username, $phash );
$result=$stmt->execute();
if( !$result ) $response[]='Query failed';
$stmt->store_result();
$stmt->bind_result( $name, $pwd );
$stmt->fetch();
if( $stmt->num_rows()==0 ) $response[]='No such user';
else {
$stmt->free_result();
$stmt->close();
$db->close();
setcookie( $cookie_name, $user, time() + 180, "/" );
exit( header( "Location: personal.php" ) );
}
$stmt->free_result();
$stmt->close();
$db->close();
/* show errors */
if( !empty( $response ) ){
echo '<ul><li>',implode('</li><li>',$response),'</li></ul>';
}
}
} elseif( $_POST['register'] ){
$user = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['password'];
$phash = sha1( sha1( $pass . "salt" ) . "salt" );
/* Does the email address already exist? */
$emailfound=false;
$sql='select `email` from `users` where `email`=?';
$stmt=$db->prepare( $sql );
if( $stmt ){
$stmt->bind_param('s',$email);
$result=$stmt->execute();
if( $result ){
$stmt->store_result();
$stmt->bind_result( $emailfound );
$stmt->fetch();
$stmt->free_result();
}
}
if( $emailfound ){
echo 'Sorry, that email address already exists in our database. Please try again with a different address.';
$stmt->close();
$db->close();
} else {
/* the `id` should be automatically generated I assume - hence being omitted here */
$sql='insert into `users` (`email`, `username`, `password`) values (?,?,?);';
$stmt=$db->prepare( $sql );
if( $stmt ){
$stmt->bind_param( 'sss', $email, $username, $phash );
$result=$stmt->execute();
$stmt->free_result();
$stmt->close();
$db->close();
if( $result ) header('Location: login.php');
else{
/* failed to register the user */
}
}
}
}
答案 1 :(得分:0)
我通过设置具有唯一属性的电子邮件列解决了此问题。注册提交后,您可以抓住mysqli_errno()。所以你会看到是否有重复的条目。
您将使用此解决方案保存检查查询。
答案 2 :(得分:-1)
试试这个,
在sha1
$result = mysql_query("select COUNT(id) from users where email='".$email."'");
$count = mysqli_num_rows($result);
if($count > 0){
echo "email exist";
}else
{
$sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');";
$result = mysqli_query($conn, $sql);
}
答案 3 :(得分:-1)
如果您不想与电子邮件匹配,只需确保存在电子邮件地址即可...
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND email<>'';";
或者,指定最小长度......
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND LEN(email) > 0;";
答案 4 :(得分:-1)
使用此php函数获取db
中的记录计数$count=mysqli_num_rows($result)
检查后大于0或