Android应用程序:当人们注册

时间:2017-07-31 21:25:35

标签: java php android mysql

我有一个允许技术人员注册的移动应用程序,我想防止重复的电子邮件地址和手机号码,我在我的php文件中写了这段代码

<?php
require "config.php";

$name = $_POST['name'];

$password = $_POST['userpass'];
$emailadd = $_POST['emailadd'];
$phone = $_POST['phone'];
$category = $_POST['category'];
$token = $_POST['token'];

$username = stripslashes($username);
$password = stripslashes($password);

$sql_get_email= "SELECT * FROM technician where emailadd ='$emailadd';";

$result1 = mysqli_query($db, $sql_get_email);

 $row = mysqli_fetch_array($result1,MYSQLI_ASSOC);


      $count = mysqli_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count >0) {
         echo  "Email already exists in our database";

die();
}
 else {
    $mysql_get_phone = "SELECT * FROM technician where mobile ='$phone';";

$result1 = mysqli_query($db, $sql_get_email);

 $row = mysqli_fetch_array($result1,MYSQLI_ASSOC);


      $count = mysqli_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count >0) {
         echo  "Pnone number already exists in our database";

die();

}

else {

$sql = "INSERT INTO technician (name, emailadd, password, mobile, category, fcm_key)
VALUES ('$name',  '$emailadd', '$password','$phone', '$category','$token')";

if ($db->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $db->error;
}
}}
$db->close();
?>

我从BackgroundTask.java中摘录了一下以检查注册结果

@Override
protected void onPostExecute(String result) {
    if (result.equals("Email already exists in our database")) {

    final Dialog dialog = new Dialog(ctx);
    dialog.setContentView(R.layout.dialog_second);
    dialog.setTitle("ERROR");
    dialog.setCancelable(true);
    //set up text
    TextView text = (TextView) dialog.findViewById(R.id.TextView01);
    text.setText(result);

    //set up button
    Button button = (Button) dialog.findViewById(R.id.btnOk);

    button.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            dialog.dismiss();
        }

    });
    //now that the dialog is set up, it's time to show it
    dialog.show();
} else  if (result.equals("Pnone number already exists in our database")) {

    final Dialog dialog = new Dialog(ctx);
    dialog.setContentView(R.layout.dialog_second);
    dialog.setTitle("ERROR");
    dialog.setCancelable(true);
    //set up text
    TextView text = (TextView) dialog.findViewById(R.id.TextView01);
    text.setText(result);

    //set up button
    Button button = (Button) dialog.findViewById(R.id.btnOk);

    button.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            dialog.dismiss();
        }

    });
    //now that the dialog is set up, it's time to show it
    dialog.show();
}else
if (result.equals("Registration Success...")) {
    Toast.makeText(ctx, "Registration Successful......Please login", Toast.LENGTH_LONG).show();


    Intent intent = new Intent(ctx, Login.class);
    ctx.startActivity(intent);

我发现即使重复输入,注册也总是成功。

的config.php 

<?php
   define('DB_SERVER', 'localhost');
   define('DB_USERNAME', 'proartisan_dbadmin');
   define('DB_PASSWORD', 'YYYYYYYYY');
   define('DB_DATABASE', 'XXXXXXXXX');
   $db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>

1 个答案:

答案 0 :(得分:0)

所以这是我的详细答案。

config.php 

<?php
   define('DB_SERVER', 'localhost');
   define('DB_USERNAME', 'proartisan_dbadmin');
   define('DB_PASSWORD', 'YYYYYYYYY');
   define('DB_DATABASE', 'XXXXXXXXX');
   $db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
?>

主要php 

<?php
require "config.php";

$name = $_POST['name'];

$password = $_POST['userpass'];
$emailadd = $_POST['emailadd'];
$phone = $_POST['phone'];
$category = $_POST['category'];
$token = $_POST['token'];

$username = stripslashes($username);
$password = stripslashes($password);

if ($db->connect_error) {

die("Connection failed: " . $db->connect_error);

}

$sql_get_email= "SELECT * FROM technician where emailadd =$emailadd";

$stmt=$conn->prepare($sql_get_email);
$stmt->execute();
$stmt->store_result();
$stmt->fetch();
$count=$stmt->num_rows();

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count >0) {
         echo  "Email already exists in our database";
         $stmt->close();
         die();
}
 else {
    $mysql_get_phone = "SELECT * FROM technician where mobile =$phone";

    $stmt=$conn->prepare($mysql_get_phone);
    $stmt->execute();
    $stmt->store_result();
    $stmt->fetch();
    $count=$stmt->num_rows();


    // If result matched $myusername and $mypassword, table row must be 1 row

      if($count >0) {
         echo  "Pnone number already exists in our database";
         $stmt->close();
         die();
      }
}
else {

$sql = "INSERT INTO technician (name, emailadd, password, mobile, category, fcm_key)
VALUES (?, ?, ?, ?, ?, ?)";

$stmt=$conn->prepare($sql);
$stmt->bind_param('ssssss', $name, $emailadd, $password, $phone, $category, $token);

if($stmt->execute()){
  echo "New record created successfully";
}else{
  echo "Error: " . $sql . "<br>" . $stmt->error;
}

$stmt->close();
$db->close();
}}
?>

因此,使用 mysqli 预备语句可以避免 SQL注入以及电子邮件电话< / strong> alerady存在 echo 关闭连接以避免出现问题。

相关问题
最新问题