Question

我坚持使用一些代码。我是新手。

如果else语句（$ uidcheck）返回false，则应执行elseif语句（$ emailcheck）。见下面的代码。

$username = $_POST['username'];
$email = $_POST['email'];
$pwd = $_POST['pwd'];

if (empty($username)) {
    header("Location: ../signup.php?error=empty");
    exit();
}
if (empty($email)) {
    header("Location: ../signup.php?error=empty");
    exit();
}
if (empty($pwd)) {
    header("Location: ../signup.php?error=empty");
    exit();

} else {
        $sql = "SELECT username FROM user WHERE username='$username'";
        $result = mysqli_query($conn, $sql);
        $uidcheck = mysqli_num_rows($result);
        if ($uidcheck > 0) {
            header("Location: ../signup.php?error=username");
            exit();

    } elseif ($uidcheck < 0) {

        $sql = "SELECT email FROM user WHERE email='$email'";
        $result = mysqli_query($conn, $sql);
        $emailcheck = mysqli_num_rows($result);
        if ($emailcheck > 0) {
            header("Location: ../signup.php?error=email");
            exit();

        } else {

            $sql = "INSERT INTO user (username, email, pwd) 
            VALUES ('$username', '$email', '$pwd')";
            $result = mysqli_query($conn, $sql);

            header("Location: ../index.php");
        }

    }
}

当电子邮件已经存在于数据库中时，它应该退出并向标题中添加一个参数。

提前致谢！

斯文

Answer 1

您的代码可以达到目的。但这还不足以读取/调试。

if( !isset($_POST["username"]) || !isset($_POST["email"]) || !isset($_POST["pwd"]) || empty($_POST["username"]) || empty($_POST["email"]) || empty($_POST["pwd"]) )
{
    header("Location: ../signup.php?error=empty");
    exit();
}
$sql = "SELECT username FROM user WHERE username='".mysqli_real_escape_string($username)."'";
$result = mysqli_query($conn, $sql);
$uidcheck = mysqli_num_rows($result);
if ($uidcheck > 0) 
{
    header("Location: ../signup.php?error=username");
    exit();
}
else 
{
    $sql = "SELECT email FROM user WHERE email='".mysqli_real_escape_string($email)."'";
    $result = mysqli_query($conn, $sql);
    $emailcheck = mysqli_num_rows($result);
    if ($emailcheck > 0) {
        header("Location: ../signup.php?error=email");
        exit();
    }
    else {
        $sql = "INSERT INTO user (username, email, pwd) 
            VALUES ('$username', '$email', '$pwd')";
        $result = mysqli_query($conn, $sql);
        header("Location: ../index.php");
    }
}

以下是建议：

始终使用isset()函数检查范围内是否声明了变量。如果＆＃34;用户名＆＃34;的值或者＆＃34;电子邮件或＆＃34; pwd＆＃34;在 POST请求中 未提交 ，您的代码将抛出致命异常并在那里停止呈现... ..
不要将用户提交的值直接放入SQL查询 ....这将使您的网络应用易受攻击至SQL Injection Attack。

Answer 2

试试这个..

您正在以错误的方式检查MySQL结果值。例如，您的数据库中已存在电子邮件，然后您的查询结果为值，那么您不能使用< or >进行检查，只需尝试使用它是空的。

$username = $_POST['username'];
$email = $_POST['email'];
$pwd = $_POST['pwd'];

if (empty($username)) {
    header("Location: ../signup.php?error=empty");
    exit();
}
if (empty($email)) {
    header("Location: ../signup.php?error=empty");
    exit();
}
if (empty($pwd)) {
    header("Location: ../signup.php?error=empty");
    exit();

} else {
    echo "Username check";
        $sql = "SELECT username FROM user WHERE username='$username'";

        $result = mysqli_query($conn, $sql);
        $uidcheck = mysqli_num_rows($result);
        if (!empty($uidcheck)) {
            header("Location: ../signup.php?error=username");
            exit();
        } elseif (empty($uidcheck)) {
            $sql = "SELECT email FROM user WHERE email='$email'";
            $result = mysqli_query($conn, $sql);
           echo $emailcheck = mysqli_num_rows($result);

        if (!empty($emailcheck)) {
                header("Location: ../signup.php?error=email");
                exit();

        } else {
            echo "asdasd";
            $sql = "INSERT INTO user (username, email, pwd) 
            VALUES ('$username', '$email', '$pwd')";
            $result = mysqli_query($conn, $sql);

            header("Location: ../index.php");
        }

    }
}

如果现有电子邮件

2 个答案: