我不知道如何检查数据库中是否已存在电子邮件。 (MySQL)
我需要检查代码。 (我输入这个是因为我在stackoverflow发布中需要更多字符)
如果您有帮助,我会很高兴的。
是的,我必须输入更多字符。
PHP:
<?php
if(!empty($_POST["register-user"])) {
/* Form Required Field Validation */
foreach($_POST as $key=>$value) {
if(empty($_POST[$key])) {
$error_message = "Trebuie sa completezi tot.";
break;
}
}
/* Password Matching Validation */
if($_POST['password'] != $_POST['confirm_password']){
$error_message = 'Parolele trebuie sa fie la fel!<br>';
}
/* Email Validation */
if(!isset($error_message)) {
if (!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL)) {
$error_message = "Adresa invalida de email.";
}
}
/* Validation to check if gender is selected */
if(!isset($error_message)) {
if(!isset($_POST["gender"])) {
$error_message = "Toate campurile sunt obligatorii!";
}
}
/* Validation to check if Terms and Conditions are accepted */
if(!isset($error_message)) {
if(!isset($_POST["terms"])) {
$error_message = "Trebuie sa accepti termenii si conditiile!";
}
}
if(!isset($error_message)) {
require_once("dbcontroller.php");
$db_handle = new DBController();
$query = "INSERT INTO utilizatori (user_name, first_name, last_name, password, email, gender) VALUES
('" . $_POST["userName"] . "', '" . $_POST["firstName"] . "', '" . $_POST["lastName"] . "', '" . md5($_POST["password"]) . "', '" . $_POST["userEmail"] . "', '" . $_POST["gender"] . "')";
$result = $db_handle->insertQuery($query);
if(!empty($result)) {
$error_message = "";
$success_message = "Te-ai inregistrat cu succes!";
unset($_POST);
} else {
$error_message = "Problema cu inregistrarea,contacteaza administratorii!";
}
}
}
?>```
答案 0 :(得分:0)
您可以将INSERT INTO .. VALUES
语句转换为INSERT INTO SELECT ...
与email != '" . $_POST["userEmail"] . "'
INSERT INTO utilizatori (user_name, first_name, last_name, password, email, gender)
SELECT
'" . $_POST["userName"] . "', '" . $_POST["firstName"] . "', '" . $_POST["lastName"] . "',
'" . md5($_POST["password"]) . "', '" . $_POST["userEmail"] . "', '" . $_POST["gender"] . "'
FROM utilizatori
WHERE email != '" . $_POST["userEmail"] . "'
我不知道如何在php中防止注入,但至少在数据库中,我们将SQL语句保留在过程/函数内部,以防止注入。