检查电子邮件已经存在
如何检查电子邮件的数据库已经存在,并拒绝注册?检查电子邮件已经存在
的MySQL是一个教我,我目前使用的MySQLi墙上。
这里是我目前正在使用库MySQLi的代码:
<?php
$cookie_name = "loggedin";
$servername = "localhost";
$username = "root";
$password = "";
$database = "scholarcaps";
$conn = mysqli_connect($servername, $username, $password, $database);
if (!$conn) {
die("Database connection failed: ".mysqli_connect_error());
}
if (isset($_POST['login']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
$cookie_value = $user;
setcookie($cookie_name, $cookie_value, time() + (180), "/");
header("Location: personal.php");
}
else
{
echo "Username or password is incorrect!";
}
}
else if (isset($_POST['register']))
{
$user = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');";
$result = mysqli_query($conn, $sql);
}
?>
尽管使用mysqli
你的代码仍然容易受到SQL注入,你直接在SQL语句中嵌入的变量 - 使用准备好的语句,避免讨厌的惊喜。以下内容未经测试,但应显示如何使用预准备语句。有散列密码,更好的方式 - 如password_hash也password_verify虽然这些现有不可在PHP版本5.5
$response=array();
$cookie_name='loggedin';
$dbhost = 'localhost';
$dbuser = 'root';
$dbpwd = '';
$dbname = 'scholarcaps';
$db = new mysqli($dbhost, $dbuser, $dbpwd, $dbname);
if(isset($_POST['login'])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass . "salt") . "salt");
$sql='select `username`, `password` from `users` where `username`=? and `password`=?';
$stmt=$db->prepare($sql);
if($stmt){
$stmt->bind_param('ss', $username, $phash);
$result=$stmt->execute();
if(!$result) $response[]='Query failed';
$stmt->store_result();
$stmt->bind_result($name, $pwd);
$stmt->fetch();
if($stmt->num_rows()==0) $response[]='No such user';
else {
$stmt->free_result();
$stmt->close();
$db->close();
setcookie($cookie_name, $user, time() + 180, "/");
exit(header("Location: personal.php"));
}
$stmt->free_result();
$stmt->close();
$db->close();
/* show errors */
if(!empty($response)){
echo '<ul><li>',implode('</li><li>',$response),'</li></ul>';
}
}
} elseif($_POST['register']){
$user = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass . "salt") . "salt");
/* Does the email address already exist? */
$emailfound=false;
$sql='select `email` from `users` where `email`=?';
$stmt=$db->prepare($sql);
if($stmt){
$stmt->bind_param('s',$email);
$result=$stmt->execute();
if($result){
$stmt->store_result();
$stmt->bind_result($emailfound);
$stmt->fetch();
$stmt->free_result();
}
}
if($emailfound){
echo 'Sorry, that email address already exists in our database. Please try again with a different address.';
$stmt->close();
$db->close();
} else {
/* the `id` should be automatically generated I assume - hence being omitted here */
$sql='insert into `users` (`email`, `username`, `password`) values (?,?,?);';
$stmt=$db->prepare($sql);
if($stmt){
$stmt->bind_param('sss', $email, $username, $phash);
$result=$stmt->execute();
$stmt->free_result();
$stmt->close();
$db->close();
if($result) header('Location: login.php');
else{
/* failed to register the user */
}
}
}
}
试试这个, 添加此代码后sha1
$result = mysql_query("select COUNT(id) from users where email='".$email."'");
$count = mysqli_num_rows($result);
if($count > 0){
echo "email exist";
}else
{
$sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');";
$result = mysqli_query($conn, $sql);
}
我设置我的电子邮件列解决了这个问题具有独特的属性。注册后提交你可以赶上mysqli_errno()
。所以你会看到是否有重复的条目。
您将节省检查查询这个解决方案。
实施此方法时,您需要考虑到所有关键违规都会触发相同的错误代码,并且没有内置的坚固实用的方法来查明它是哪个关键字。如果有几个候选人(这似乎是这种情况,因为我认为'用户名'也必须是唯一的),您将不得不乱搞解析错误消息来提取密钥名称。 –
如果你不想匹配的电子邮件,你只是想确保电子邮件地址存在,你能...
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND email<>'';";
,或者指定一个最小长度...
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND LEN(email) > 0;";
使用这个PHP函数获取记录腠在DB NT
$count=mysqli_num_rows($result)
检查后,大于0或不
做检查查询是否EMAILADDRESS已经存在。在你的代码中实现这个查询,你就完成了。 – Natrium
是你的电子邮件地址=用户名? – Ish
你是否得到了这个答案? –