我正在尝试创建一个简单的注册页面,用户使用用户名,电子邮件,密码和性别进行注册。我在某种程度上偶然发现了一些问题,我制作的代码似乎让用户注册了已存在的用户名或电子邮件。我试图在我的代码中阻止这一点,但它似乎没有效果。
我做错了什么?
以下是整个代码:
<?php
session_start();
if (isset($_SESSION['user'])!="") {
header("Location: index.php");
}
include 'includes/config.php';
if(isset($_POST['btn-signup'])) {
$username = strip_tags($_POST['username']);
$username = strtolower($_POST['username']);
$email = filter_var($_POST['email'],FILTER_SANITIZE_EMAIL);
$email = filter_var($email,FILTER_VALIDATE_EMAIL);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$current_time = strtotime("now");
$username = $con->real_escape_string($username);
$gender = $con->real_escape_string($_POST["gender"]);
$email = $con->real_escape_string($email);
$password = $con->real_escape_string($password);
$hashed_password = password_hash($password, PASSWORD_DEFAULT); // this function works only in PHP 5.5 or latest version
$check_username = $con->query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$check_email = $con->query("SELECT * FROM users WHERE email='$email' LIMIT 1");
if(count($_POST)>0) {
if(!isset($msg)) {
}
if($_POST['username'] === $check_username){
$msg = 'Username already exists<br>';
}
if($_POST['email'] === $check_email){
$msg = 'Email already exists<br>';
}
if($_POST['password'] != $_POST['confirm_password']){
$msg = 'Password doesnt match<br>';
}
if(!isset($msg)) {
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$msg = "Invalid e-mail";
}
}
if(!isset($msg)) {
if(!isset($_POST["gender"])) {
$msg = " Gender field is required";
}
}
}
if(!isset($msg)) {
$query = "INSERT INTO users(username,email,password,gender,joined) VALUES('$username','$email','$hashed_password','$gender','$current_time')";
if(mysqli_query($con, $query)){
$msg = "You have registered successfully!";
} else{
$msg = "Could not register your account. Try Again!";
}
}
}
$con->close();
?>
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Register</title>
</head>
<body>
<div class="signin-form">
<div class="container">
<form class="form-signin" id="register-form" method="post" name="register-form">
<h2 class="form-signin-heading">Sign Up</h2>
<hr>
<?php
if (isset($msg)) {
echo $msg;
}
?>
<div class="form-group">
<input class="form-control" name="username" placeholder="Username" required="" type="text">
</div>
<div class="form-group">
<input class="form-control" name="email" placeholder="Email address" required="" type="email"> <span id="check-e"></span>
</div>
<div class="form-group">
<input class="form-control" name="password" placeholder="Password" required="" type="password">
</div>
<div class="form-group">
<input class="form-control" name="confirm_password" placeholder="Confirm password" required="" type="password">
</div>
<div class="form-group">
<select class="form-control" id="gender" name="gender">
<option disabled hidden="" selected>
Select
</option>
<option>
Male
</option>
<option>
Female
</option>
</select>
</div>
<hr>
<div class="form-group">
<button class="btn btn-default" name="btn-signup" type="submit"><span class="glyphicon glyphicon-log-in"></span> Create Account</button> <a class="btn btn-default" href="index.php" style="float:right;">Log In Here</a>
</div>
</form>
</div>
</div>
</body>
</html>
答案 0 :(得分:-1)
问题是你没有从sql结果中获取结果。
因此$con->query($sqlQuery);将返回PDOStatement对象。您无法将此类对象与字符串进行比较。所以首先你需要提取字符串。这将是这样的:
$check_username_result = $con->query("SELECT * FROM users WHERE username='$username' LIMIT 1")
$check_username = $check_username_result->fetch_array()[0];
$ check_username现在将保存用户名的值,您可以像对待它一样进行比较。