Question

我正在尝试将我的代码更改为来自mysql的msqli预处理语句。我不知道如何调整我目前工作的代码来检查数据库中是否已有电子邮件。以下是我目前正在使用的代码。如何将其更改为准备好的语句并获得相同的结果？

//if email is equal to an email already in the database, display an error message

if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'")))
{
  echo "<p class='red'>Email is already registered with us</p>";
} else {
  // missing code?
}

Answer 1

应该是这样的：

// create mysqli object
$mysqli = new mysqli(/* fill in your connection info here */);

$email = $_POST['email']; // might want to validate and sanitize this first before passing to database...

// set query
$query = "SELECT COUNT(*) FROM users WHERE email = ?"

// prepare the query, bind the variable and execute
$stmt = $mysqli->prepare( $query );
$stmt->bind_param( 's', $email );
$stmt->execute()

// grab the result
$stmt->store_result();

// get the count
$numRows = $stmt->num_rows();

if( $numRows )
{
     echo "<p class='red'>Email is already registered with us</p>";
}
else
{
    // ....
}

此链接也可以为您提供帮助：

http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

使用预准备语句检查数据库中是否已有电子邮件

1 个答案: