1. 首頁
  2. 問答
  3. 我在哪裏可以插入這段代碼?

我在哪裏可以插入這段代碼?

2012-04-23 50 views
0

我對PHP很新。下面的代碼已經從我在網上找到的大量教程拼湊在一起,它的工作方式是我想要的。我收到了來自我的導師的電子郵件,要求我們添加防止重複輸入電子郵件地址的代碼。我有需要添加的代碼,但我不知道應該去哪裏。我在哪裏可以插入這段代碼?

這裏是現有代碼:

<? 
include('config.php'); 

// table name 
$tbl_name=temp_members; 

// Random confirmation code 
$confirm_code=md5(uniqid(rand())); 

// values sent from form 
$email=$_POST['email']; 
$password=$_POST['password']; 
$firstname=$_POST['firstName']; 
$lastname=$_POST['lastName']; 

// Insert data into database 
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,  lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')"; 
$result=mysql_query($sql); 



// if suceesfully inserted data into database, send confirmation link to email 
if($result){ 

// ---------------- SEND MAIL FORM ---------------- 

// send e-mail to ... 
$to=$email; 

// Your subject 
$subject="Francis Flower confirmation link"; 

// From 
$headers="from: Francis Flower Admin <[email protected]>"; 
$headers .= "MIME-Version: 1.0\r\n"; 
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; 

// Your message 
$message = '<html><head>'; 
$message .= '<style type="text/css"> 
         body { 
          font-family: Helvetica,   Arial; 
         } 
         .center { 
          text-align: left; 
         } 
         </style>'; 
$message .= '<body><div class="center"><img src="http://www.jblanksby.yourwebsolution.net/images/logo.png"/>'; 
$message .= "<p>Dear " .$_POST['firstName']. "&nbsp;" .$_POST['lastName'].", </p>"; 
$message .= '<p>Thank you for signing up for an account at Francis Flower. </p>'; 
$message .= '<p>Your new account details are below: </p>'; 
$message .= "<p>Email Address: ".$_POST['email']. "</p>"; 
$message .= "<p>Password: " .$_POST['password']. "</p>"; 
$message .= "<p>Before you can login, you need to activate your account using the link below:</p>"; 
$message .= "<p>Click on this link to activate your account</p>"; 
$message .= "<p>http://jblanksby.yourwebsolution.net/confirmation.php?passkey=$confirm_code</p>"; 
$message .= '</div></body></html>'; 

// send email 
$sentmail = mail($to,$subject,$message,$headers); 

} 

// if not found 
else { 
echo "Not found your email in our database"; 
} 

// if your email succesfully sent 
if($sentmail){ ?> 
echo "Mail has been sent"; 
} else { 
echo "Mail has not been sent"}; 
?>

這裏是捕捉重複的電子郵件的代碼,我想包括在上面的代碼:

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'"; 

$result = mysql_query($query); 

if (mysql_num_rows ($result) > 1) 
{ 
    /* Username already exists */ 
    echo 'Username already exists'; 
} 
else 
{ 
    /* Username doesn't exist */ 
    /* .. insert query */ 
}

任何這助教將是巨大的!

來源

2012-04-23 blanksby

回答

0

它應該放在您做INSERT聲明之前。

請注意,您的腳本容易受到SQL注入攻擊。至少,叫mysql_real_escape_string()$_POST輸入值:

// Get email from the form before checking if it was already inserted 
// you don't need the other form values yet... 
$email = mysql_real_escape_string($_POST['email']); 

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'"; 
$result_eml = mysql_query($query); 

// Added some error checking here to make sure the query succeeded 
// Also here, check for > 0, not > 1 -- you want to find out if 1 or more rows exist, not that 2 or more exist... 
if ($result_eml && mysql_num_rows ($result_eml) > 0) 
{ 
    /* Username already exists */ 
    echo 'Username already exists'; 
} 
else if (!$result) { 
    // error in query 
} 
else 
{ 

    // table name 
    $tbl_name=temp_members; 

    // Random confirmation code 
    $confirm_code=md5(uniqid(rand())); 

    // Other values sent from form 
    $password = mysql_real_escape_string($_POST['password']); 
    $firstname = mysql_real_escape_string($_POST['firstName']); 
    $lastname = mysql_real_escape_string($_POST['lastName']); 

    // Insert data into database 
    $sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,  lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')"; 
    $result=mysql_query($sql); 

    // etc.... 

}

我不能肯定,如果這一項轉讓或用於生產代碼,但我會補充說,它是向用戶發送的密碼非常糟糕的主意通過電子郵件。電子郵件基本上就像明信片一樣 - 除非您使用加密技術(現在幾乎沒有人在這種情況下)發送它,它可以由任何服務器管理員沿着從發送點到接收點的網絡路徑進行讀取。

來源

2012-04-23 12:29:45

+0

這是一個分配和我們的老師要我們通過電子郵件發送的所有帳戶的詳細信息,並準確地解釋了你上面說的。但是,謝謝你的提醒! – blanksby 2012-04-23 12:40:01

0

有幾件事情你可以做。你可以在數據庫上放置一個unquie鍵,在插入重複行時會給你一個mysql錯誤。

您也可以在使用當前數據插入數據之前檢查數據庫,以確保在插入之前沒有任何行返回。

這些只是您可以使用的一些想法。

此外,檢查出using PDO

來源

2012-04-23 12:40:38

相關問題

 相關問題