我不知道我在做什么错,无论用户名是否存在,它都会插入用户输入。
<?php
include_once 'dbh.inc.php';
$first = $_POST['First'];
$last = $_POST['Last'];
$email = $_POST['Email'];
$username = $_POST['Username'];
$password = $_POST['Password'];
$queryUser = "SELECT FROM users WHERE username = '$username';";
$result = mysqli_num_rows($queryUser);
if ($result >= 1){
echo "Username is already taken!";
} else {
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$username', '$password');";
mysqli_query($conn, $sql);
header("location:../index.php?signup=success");
}
?>
答案 0 :(得分:1)
您必须执行查询。
此外,您的查询有语法错误。您必须指定至少一个要选择的值。
$queryUser = mysqli_query($conn, "SELECT 1 FROM users WHERE username = '$username';");
此外,您应该使用准备好的语句和mysqli_stmt_bind_param()来防止SQL注入。