我是SQL和php的新手,我在这里遇到了一个相当陌生的代码。我是从Youtuber得到的,它基本上是一个使用MySQLi的登录系统。
user.php的 这是我建立数据库连接并使用MySQLi查询函数的地方。
<?php
class User{
private $dbHost = "localhost";
private $dbUsername = "root";
private $dbPassword = "";
private $dbName = "regilog";
private $userTbl = "users";
public function __construct(){
if(!isset($this->db)){
// Connect to the database
$conn = new mysqli($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
if($conn->connect_error){
die("Failed to connect with MySQL: " . $conn->connect_error);
}else{
$this->db = $conn;
}
}
}
/*
* Returns rows from the database based on the conditions
* @param string name of the table
* @param array select, where, order_by, limit and return_type conditions
*/
public function getRows($conditions = array()){
$sql = 'SELECT ';
$sql .= array_key_exists("select",$conditions)?$conditions['select']:'*';
$sql .= ' FROM '.$this->userTbl;
if(array_key_exists("where",$conditions)){
$sql .= ' WHERE ';
$i = 0;
foreach($conditions['where'] as $key => $value){
$pre = ($i > 0)?' AND ':'';
$sql .= $pre.$key." = '".$value."'";
$i++;
}
}
if(array_key_exists("order_by",$conditions)){
$sql .= ' ORDER BY '.$conditions['order_by'];
}
if(array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
$sql .= ' LIMIT '.$conditions['start'].','.$conditions['limit'];
}elseif(!array_key_exists("start",$conditions) && array_key_exists("limit",$conditions)){
$sql .= ' LIMIT '.$conditions['limit'];
}
$result = $this->db->query($sql);
if(array_key_exists("return_type",$conditions) && $conditions['return_type'] != 'all'){
switch($conditions['return_type']){
case 'count':
$data = $result->num_rows;
break;
case 'single':
$data = $result->fetch_assoc();
break;
default:
$data = '';
}
}else{
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
$data[] = $row;
}
}
}
return !empty($data)?$data:false;
}
/*
* Insert data into the database
* @param string name of the table
* @param array the data for inserting into the table
*/
public function insert($data){
if(!empty($data) && is_array($data)){
$columns = '';
$values = '';
$i = 0;
if(!array_key_exists('created',$data)){
$data['created'] = date("Y-m-d H:i:s");
}
if(!array_key_exists('modified',$data)){
$data['modified'] = date("Y-m-d H:i:s");
}
foreach($data as $key=>$val){
$pre = ($i > 0)?', ':'';
$columns .= $pre.$key;
$values .= $pre."'".$val."'";
$i++;
}
$query = "INSERT INTO ".$this->userTbl." (".$columns.") VALUES (".$values.")";
$insert = $this->db->query($query);
return $insert?$this->db->insert_id:false;
}else{
return false;
}
}
}
?>
userAccount.php 这是我检查任何错误以及处理所有内容的地方。
<?php
//start session
session_start();
//load and initialize user class
ob_start();
include 'user.php';
$user = new User();
if(isset($_POST['signupSubmit'])){
//check whether user details are empty
if(!empty($_POST['first_name']) && !empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['confirm_password'])){
//password and confirm password comparison
if($_POST['password'] !== $_POST['confirm_password']){
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = 'Your passwords do not match.';
}else{
//check whether user exists in the database
$prevCon['where'] = array('email'=>$_POST['email']);
$prevCon['return_type'] = 'count';
$prevUser = $user->getRows($prevCon);
if($prevUser > 0){
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = ' email already exists, please use another email';
}else{
//insert user data in the database
$userData = array(
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => md5($_POST['password'])
);
$insert = $user->insert($userData);
//set status based on data insert
if($insert){
$sessData['status']['type'] = 'success';
$sessData['status']['msg'] = 'You have registered successfully.';
}else{
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = 'A problem occurred,';
}
}
}
}else{
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = 'All fields are required.';
}
//store signup status into the session
$_SESSION['sessData'] = $sessData;
$redirectURL = ($sessData['status']['type'] == 'success')?'logs.php':'registration.php';
//redirect to the home/registration page
header("Location:".$redirectURL);
}elseif(isset($_POST['loginSubmit'])){
//check whether login details are empty
if(!empty($_POST['email']) && !empty($_POST['password'])){
//get user data from user class
$conditions['where'] = array(
'email' => $_POST['email'],
'password' => md5($_POST['password']),
'status' => '1'
);
$conditions['return_type'] = 'single';
$userData = $user->getRows($conditions);
//set user data and status based on login credentials
if($userData){
$sessData['userLoggedIn'] = TRUE;
$sessData['userID'] = $userData['id'];
$sessData['status']['type'] = 'success';
$sessData['status']['msg'] = 'Hello '.$userData['first_name'].'!';
}else{
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = 'Wrong email or password, please try again.';
}
}else{
$sessData['status']['type'] = 'error';
$sessData['status']['msg'] = 'Enter your email and password.';
}
//store login status into the session
$_SESSION['sessData'] = $sessData;
//redirect to the home page
ob_end_flush();
header("Location:logs.php");
}elseif(!empty($_REQUEST['logoutSubmit'])){
//remove session data
unset($_SESSION['sessData']);
session_destroy();
//store logout status into the ession
$sessData['status']['type'] = 'success';
$sessData['status']['msg'] = 'You have logout successfully from your account.';
$_SESSION['sessData'] = $sessData;
//redirect to the home page
header("Location:index.php");
}else{
//redirect to the home page
header("Location:registration.php");
}
?>
答案 0 :(得分:0)
首先,请务必清理您的输入! 不做这样的事情:
$userData = array(
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'password' => md5($_POST['password'])
);
$insert = $user->insert($userData);
您需要使用PDO并执行参数化查询。我将向您展示如何回答您的第一个问题,即如何检查用户名是否存在。假设你有:
$username = $_POST['username'];
要查看它是否存在,
$link = new mysqli('localhost', 'user', 'pass', 'database');
if ($stmt = mysqli_prepare($link, "SELECT * FROM table_name WHERE user_name=?")) {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if ($stmt->num_rows > 0) {
// Userid exists
}
mysqli_stmt_free_result($stmt);
mysqli_stmt_close($stmt);
}