我需要帮助人员...我正在尝试检查用户名是否已经退出数据库。已经使用mysqli轻松完成了这项工作,但我正在尝试使用Prepared Statement保护我的所有数据库查询。
以下是Mysqli和预备声明的代码。
<?php
ini_set('display_errors', 0);
ini_set('log_errors',1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// start session
session_start();
// include connection
require_once('include/connection.php');
// if user is loggin, redirected to homepage
if(isset($_SESSION['user_type'])){
header('Location: index.php');
}
$error[] = "";
if(isset($_POST['submit'])) {
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$user_type = $_POST['user_type'];
$user_name = trim($_POST['user_name']);
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$confirm_password = trim($_POST['confirm_password']);
// $password = mysqli_real_escape_string($con, trim($_POST['password'], ENT_QUOTES, 'UTF-8'));
// $confirm_password = mysqli_real_escape_string($con, trim($_POST['confirm_password'], ENT_QUOTES, 'UTF-8'));
// password hash security
$hash_pass = password_hash($password, PASSWORD_BCRYPT);
extract($_POST);
// validate form field
if (empty($firstname)){
$error[] = 'Field empty, please enter your first name';
}else{
if (strlen($firstname) < 3){
$error[] = 'First Name is too short';
}
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$firstname)) {
$error[] = "Only letters and white space allowed";
}
if (empty($lastname)){
$error[] = 'Field empty, please enter your last name';
}else{
if (strlen($lastname) < 3){
$error[] = 'Last Name is too short';
}
}
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)) {
$error[] = "Only letters and white space allowed";
}
if (empty($user_name)){
$error[] = 'Field empty, please enter your username';
}else{
if (strlen($user_name) < 3){
$error[] = 'UserName is too short';
}
}
//if( $query = "select * from user where user_name = "."'".trim($user_name)."'" );
// $result = mysqli_query($con,$query);
// if(mysqli_num_rows($result)){
// $error[] = "User Name Already Exist, try other";
// header('Location: '.$_SERVER['PHP_SELF']);
// }
/* create a prepared statement */
if($stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = ?"));
// $stmt = mysqli_query($con, $query);
/* bind param variables */
mysqli_stmt_bind_param($stmt, 's', $user_name);
/* execute statement */
mysqli_stmt_execute($stmt);
/* store result */
// mysqli_stmt_store_result($stmt);
/* num rows */
if(mysqli_stmt_num_rows($stmt) > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
//}
// validate user type option
if (empty($user_type)){
$error[] = 'Please select user type from list';
}
// set email filter validation
if (empty($email)){
$error[] = 'Field empty, please enter your email address';
}else {
$query = "select * from user where email = "."'".trim($email)."'";
$result = mysqli_query($con,$query);
if(mysqli_num_rows($result) == 1){
$error[] = "Chosen email Already Exist, please choose another ";
// header('Location: '.$_SERVER['PHP_SELF']);
}
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error[] = "Invalid email format";
}
}
if (empty($password)){
$error[] = 'Field empty, please create a password';
}else{
if (strlen($password) < 6){
$error[] = 'Password is too short';
}
if (strlen($password) > 15){
$error[] = 'Password is too long';
}
if ( !preg_match("#[A-Z]+#", $password) ) {
$error[] = "Password must include at least one CAPS! ";
}else{
if( !preg_match("#[0-9]+#", $password) ) {
$error[] = "Password must include at least one NUMBER! ";
}
}
}
// set field validation for confirm password
if (empty($confirm_password)){
$error[] = 'Field empty, please confirm your password';
}else{
if ($password != $confirm_password) {
$error[] = 'Error... Passwords do not match';
}
}
//if no errors have been created carry on
if(!isset($error)){
$created_at = date('Y-m-d');
$queryInsert = "insert into user
(firstname,lastname,user_name,
user_type,email,password,
created_at)
values ('$firstname','$lastname','$user_name',
'$user_type','$email','$hash_pass',
'$created_at')";
$resInsert = mysqli_query($con,$queryInsert);
if($resInsert){
$_SESSION['main_notice'] = "Successfully registered, login here!";
header('Location: index.php');
exit;
}else{
$_SESSION['main_notice'] = "Some error, try again";
header('Location: '.$_SERVER['PHP_SELF']);
}
}
//}
}
// exit mysqli connection
// title page
$title = "Registration Page";
// include header
require_once('include/header.php');
?>
<?php
if(isset($_SESSION['main_notice'])) {
?>
<div class="main-notice">
<p>
<?php
echo $_SESSION['main_notice'];
//unset($_SESSION['main_notice']);
?>
</p>
</div>
<?php
}
?>
<div>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p style="color: red">'.$error.'</p>';
}
}
?>
<form name="register" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="firstname" value='<?php if(isset($error)){ echo $_POST['firstname']; } ?>'</td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="lastname" value='<?php if(isset($error)){ echo $_POST['lastname']; } ?>'</td>
</tr>
<tr>
<td>User Name</td>
<td><input type="text" name="user_name" value='<?php if(isset($error)){ echo $_POST['user_name']; } ?>'></td>
</tr>
<tr>
<td>User Type</td>
<td>
<select name="user_type" required>
<option selected>Please choose user type</option>
<option value="member">RSW</option>
<option value="admin">Admin</option>
<option value="leader">SP</option>
</select>
</td>
</tr>
<tr>
<td>Email</td>
<td><input type="email" name="email" value='<?php if(isset($error)){ echo $_POST['email']; } ?>'</td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" id="password" value='<?php if(isset($error)) ?>'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="password" name="confirm_password" id="confirm_password" value='<?php if(isset($error)) ?>'></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Register"></td>
</tr>
<tr>
<td></td>
<td><a href="index.php">Login</a></td>
</tr>
</table>
</form>
</div>
<?php
if(is_file('include/footer.php'))
include_once('include/footer.php');
?>
注释掉mysqli。我没有收到错误,但表格没有执行,也不确定是做错了什么。
愿你能看到我看不到的东西。 注意还注释掉了mysqli_stmt_store_result,因为我看不出那是真的。
谢谢我提前。
答案 0 :(得分:-1)
您使用了预准备语句,为什么要将mysqli.*与您执行的所有查询结合起来。您可以根据正常的预准备语句流程更好地更改查询。
您可以使用num_rows,以便它可以帮助您获取上面执行的查询计数。
像这样替换你的预备声明:
<?php
$stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = ?");
$stmt -> bind_param("s", $user_name);// Here you will bind the parameters
$stmt -> execute(); // here it will execute the statement
$numberofrows = $stmt->num_rows; // here if will fetch the count
if($numberofrows > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
else
{
// This part is for user name mot present.
}
?>
你可以有这样的Mysqli方式。
<?php
$stmt = mysqli_prepare($con, "SELECT user_name FROM user WHERE user_name = '".$user_name."'");
$stmt->execute(); // here it will execute the statement
$numberofrows = $stmt->num_rows; // here if will fetch the count
if($numberofrows > 0) {
$error[] = "User Name Already Exist, try other";
header('Location: '.$_SERVER['PHP_SELF']);
}
else
{
// if the user name is not present
}
?>