0
我已經寫了這段代碼,它的工作是添加用戶,但對於重複的用戶,它再次保存了相同用戶名的值。如果用戶名已被佔用,我想給彈出消息。我是初學者,請幫忙。驗證用戶名不工作
<?php
ob_start();
include("db.php");
if(isset($_POST['send'])!="") {
$username = mysqli_real_escape_string($con, $_POST['username']);
$usermail = mysqli_real_escape_string($con, $_POST['usermail']);
$usermobile = mysqli_real_escape_string($con, $_POST['usermobile']);
$bool = true;
$con = mysqli_connect("localhost","root","","demo");
$result = mysqli_query("SELECT `username` FROM `sample` WHERE username = '$username'");
if(mysqli_num_rows($result)>0)
{
Print '<script>alert("Username has been taken!");</script>';
}
if ($bool) {
$inssql = "insert into sample set
username = '" . $username . "',
emailid = '" . $usermail . "',
mobileno = '" . $usermobile . "',
created = now()";
$update = mysqli_query($con, $inssql);
}
}
如果用戶名應該是唯一的,則應該在數據庫的該列上設置唯一索引。而你的'SELECT'查詢應該只查找具有該用戶名的行,而不是所有的行。 – jeroen
在將數據插入數據庫之前,如果count大於0,請檢查用戶是否存在顯示錯誤消息或者插入用戶 – Sona
您的腳本處於[SQL注入攻擊]風險中(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql -injection-in-php) 看看發生了什麼事[Little Bobby Tables](http://bobby-tables.com/)即使 [如果你是它不安全!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[編寫參數化語句](http:///php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly