您的位置: 首页  >  技术问答  >  检查电子邮件已经存在

检查电子邮件已经存在

分类: 技术问答 2022-05-29 12:27:38
问题描述:

如何检查电子邮件的数据库已经存在,并拒绝注册?检查电子邮件已经存在

的MySQL是一个教我,我目前使用的MySQLi墙上。

这里是我目前正在使用库MySQLi的代码:

<?php 
$cookie_name = "loggedin"; 

$servername = "localhost"; 
$username = "root"; 
$password = ""; 
$database = "scholarcaps"; 
$conn = mysqli_connect($servername, $username, $password, $database); 

if (!$conn) { 
    die("Database connection failed: ".mysqli_connect_error()); 
} 

if (isset($_POST['login'])) 
{ 
    $user = $_POST['username']; 
    $pass = $_POST['password']; 

    $phash = sha1(sha1($pass."salt")."salt"); 

    $sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';"; 

    $result = mysqli_query($conn, $sql); 
    $count = mysqli_num_rows($result); 

    if ($count == 1) 
    { 
     $cookie_value = $user; 
     setcookie($cookie_name, $cookie_value, time() + (180), "/"); 
     header("Location: personal.php"); 
    } 
    else 
    { 
     echo "Username or password is incorrect!"; 
    } 
} 
else if (isset($_POST['register'])) 
{ 
    $user = $_POST['username']; 
    $email = $_POST['email']; 
    $pass = $_POST['password']; 

    $phash = sha1(sha1($pass."salt")."salt"); 

    $sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');"; 

    $result = mysqli_query($conn, $sql); 
} 
?>
+0

做检查查询是否EMAILADDRESS已经存在。在你的代码中实现这个查询,你就完成了。 – Natrium

+0

是你的电子邮件地址=用户名? – Ish

+0

你是否得到了这个答案? –

尽管使用mysqli你的代码仍然容易受到SQL注入,你直接在SQL语句中嵌入的变量 - 使用准备好的语句,避免讨厌的惊喜。以下内容未经测试,但应显示如何使用预准备语句。有散列密码,更好的方式 - 如password_hashpassword_verify虽然这些现有不可在PHP版本5.5

$response=array(); 
$cookie_name='loggedin'; 


$dbhost = 'localhost'; 
$dbuser = 'root'; 
$dbpwd = ''; 
$dbname = 'scholarcaps'; 
$db = new mysqli($dbhost, $dbuser, $dbpwd, $dbname); 




if(isset($_POST['login'])) { 

    $user = $_POST['username']; 
    $pass = $_POST['password']; 
    $phash = sha1(sha1($pass . "salt") . "salt"); 

    $sql='select `username`, `password` from `users` where `username`=? and `password`=?'; 
    $stmt=$db->prepare($sql); 

    if($stmt){ 

     $stmt->bind_param('ss', $username, $phash); 
     $result=$stmt->execute(); 

     if(!$result) $response[]='Query failed'; 


     $stmt->store_result(); 
     $stmt->bind_result($name, $pwd); 
     $stmt->fetch(); 

     if($stmt->num_rows()==0) $response[]='No such user'; 
     else { 

      $stmt->free_result(); 
      $stmt->close(); 
      $db->close(); 

      setcookie($cookie_name, $user, time() + 180, "/"); 
      exit(header("Location: personal.php")); 
     } 


     $stmt->free_result(); 
     $stmt->close(); 
     $db->close(); 

     /* show errors */ 
     if(!empty($response)){ 
      echo '<ul><li>',implode('</li><li>',$response),'</li></ul>'; 
     } 
    } 

} elseif($_POST['register']){ 

    $user = $_POST['username']; 
    $email = $_POST['email']; 
    $pass = $_POST['password']; 
    $phash = sha1(sha1($pass . "salt") . "salt"); 



    /* Does the email address already exist? */ 

    $emailfound=false; 

    $sql='select `email` from `users` where `email`=?'; 
    $stmt=$db->prepare($sql); 
    if($stmt){ 

     $stmt->bind_param('s',$email); 
     $result=$stmt->execute(); 
     if($result){ 
      $stmt->store_result(); 
      $stmt->bind_result($emailfound); 
      $stmt->fetch(); 
      $stmt->free_result(); 
     } 
    } 

    if($emailfound){ 
     echo 'Sorry, that email address already exists in our database. Please try again with a different address.'; 
     $stmt->close(); 
     $db->close(); 

    } else { 

     /* the `id` should be automatically generated I assume - hence being omitted here */ 
     $sql='insert into `users` (`email`, `username`, `password`) values (?,?,?);'; 
     $stmt=$db->prepare($sql); 

     if($stmt){ 

      $stmt->bind_param('sss', $email, $username, $phash); 
      $result=$stmt->execute(); 

      $stmt->free_result(); 
      $stmt->close(); 
      $db->close(); 

      if($result) header('Location: login.php'); 
      else{ 
       /* failed to register the user */ 
      } 
     } 
    } 
}
+1

[passord_compat(https://github.com/ircmaxell/password_compat)由ircmaxell带来的'password_ *'功能PHP> = 5.3.7 – Neat

+0

感谢的人,这是工作,并且是病研究其它散列技术。 – DingoDile

试试这个, 添加此代码后sha1

$result = mysql_query("select COUNT(id) from users where email='".$email."'"); 
$count = mysqli_num_rows($result); 
if($count > 0){ 
    echo "email exist"; 
}else 
{ 
    $sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');"; 
    $result = mysqli_query($conn, $sql); 
}

我设置我的电子邮件列解决了这个问题具有独特的属性。注册后提交你可以赶上mysqli_errno()。所以你会看到是否有重复的条目。

您将节省检查查询这个解决方案。

+1

实施此方法时,您需要考虑到所有关键违规都会触发相同的错误代码,并且没有内置的坚固实用的方法来查明它是哪个关键字。如果有几个候选人(这似乎是这种情况,因为我认为'用户名'也必须是唯一的),您将不得不乱搞解析错误消息来提取密钥名称。 –

如果你不想匹配的电子邮件,你只是想确保电子邮件地址存在,你能...

$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND email<>'';";

,或者指定一个最小长度...

$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND LEN(email) > 0;";

使用这个PHP函数获取记录腠在DB NT

$count=mysqli_num_rows($result)

检查后,大于0或不

相关推荐