1. 首頁
  2. 問答
  3. 檢查記錄是否存在db - 錯誤顯示

檢查記錄是否存在db - 錯誤顯示

2010-11-30 51 views
0

如何檢查用戶名或電子郵件是否存在,然後將錯誤消息放入我的錯誤數組中。現在,我有:檢查記錄是否存在db - 錯誤顯示

$sql = "SELECT username, email FROM users WHERE username = '" . $username . "' OR email = '" . $email . "'"; 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) 
{ 
echo "That username or email already exists"; 
}

但我要檢查它是否是用戶名或者說是存在的,然後把郵件:

錯誤[] =「用戶名存在」; //如果用戶名存在

錯誤[] =「電子郵件已存在」; //如果郵件已存在

怎麼辦?

來源

2010-11-30 Jake

+0

我聞到「SQL注入」 – 2010-11-30 18:34:47

+0

根本沒有,因爲我有:$ username = mysql_real_escape_string($ _ POST ['username']);和電子郵件相同 – Jake 2010-11-30 18:38:46

回答

1

它會更容易,如果你只是做了一個快速的真/在SQL中檢查錯誤並檢查返回的標誌。

$sql = "SELECT " 
    . "(SELECT 1 FROM `users` WHERE `username` = '" . mysql_real_escape_string($username) . "'), " 
    . "(SELECT 1 FROM `users` WHERE `email` = '" . mysql_real_escape_string($email) . "')"; 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) { 
    $foundFlags = mysql_fetch_assoc($query); 
    if ($foundFlags['username']) { 
    $error[] = "username is existing"; 
    } 

    if ($foundFlags['email']) { 
    $error[] = "email is existing"; 
    } 
} else { 
    // General error as the query should always return 
}

當它沒有找到一個條目,它會在標誌,它的值爲false返回NULL,所以if狀況良好。

需要注意的是,你可以概括它像這樣的字段列表:

$fieldMatch = array('username' => $username, 'email' => $email); 

$sqlParts = array(); 
foreach ($fieldMatch as $cFieldName => $cFieldValue) { 
    $sqlParts[] = "(SELECT 1 FROM `users` WHERE `" . $cFieldName . "` = '" . mysql_real_escape_string($cFieldValue) . "')"; 
} 


$sql = "SELECT " . implode(", ", $sqlParts); 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) { 
    $foundFlags = mysql_fetch_assoc($query); 
    foreach ($foundFlags as $cFieldName => $cFlag) { 
    if ($foundFlags[$cFieldName]) { 
     $error[] = $cFieldName . " is existing"; 
    } 
    } 
} else { 
    // General error as the query should always return 
}

NB。請注意,假設所有字段都是字符串或其他字符串轉義類型(例如日期/時間)。

來源

2010-11-30 18:51:45 Orbling

0

您可以獲取一行並查看是否收到了您搜索的同一電子郵件或相同的用戶名或兩者。你可以做LIMIT 0,1,如果你可以在找到第一行匹配這個或那個之後停下來。

來源

2010-11-30 18:44:37

1

聽起來就像你試圖讓用戶知道在註冊時是否已經存在用戶名或電子郵件。以下是您可以執行的操作:

<?php 
//---------------------------------------- 
// Create first query 
$usernameQuery = 'SELECT username FROM users WHERE username="'.mysql_real_escape_string($username).'"'; 

//---------------------------------------- 
// Query db 
$usernameResult = mysql_query($userNameQuery); 

//---------------------------------------- 
// Check if result is empty 
if(mysql_num_rows($usernameResult) > 0){ 

    //---------------------------------------- 
    // Username already exists 
    $error[] = 'Username already exists'; 

    //---------------------------------------- 
    // Return error to user and stop execution 
    // of additional queries/code 
} else { 

    //---------------------------------------- 
    // Check if email exists 

    //---------------------------------------- 
    // Create query 
    $emailQuery = 'SELECT email FROM users WHERE email="'.mysql_real_escape_string($email).'"'; 

    //---------------------------------------- 
    // Query the db 
    $emailResult = mysql_query($emailQuery); 

    //---------------------------------------- 
    // Check if the result is empty 
    if(mysql_num_rows($emailResult) > 0){ 

    //---------------------------------------- 
    // Email already exists 
    $error[] = 'Email already exists'; 

    //---------------------------------------- 
    // Return error to user and stop execution 
    // of additional queries/code 
    } else { 

    //---------------------------------------- 
    // Continue with registration... 
    } 
} 
?>

請注意,在執行實際查詢之前,您應該始終轉義您的值。

其他資源:
http://us.php.net/manual/en/function.mysql-real-escape-string.php http://us.php.net/manual/en/function.mysql-escape-string.php

來源

2010-11-30 18:48:49

相關問題

 相關問題