2010-04-06 107 views
0

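I am trying to check whether the username is available and display it for the user to see when they check their account settings, which I have done. PHP submit problem

When the user tries to fill out another field I get the Your username is unavailable! message, which should not pop up because it is the user's own username. I would like to know how to fix this problem using PHP so that the username is displayed every time the user views their account settings, and so that it does not cause problems when the user submits other information?

Here is the PHP code.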

if (isset($_POST['submitted'])) { 

    require_once '../htmlpurifier/library/HTMLPurifier.auto.php'; 

    $config = HTMLPurifier_Config::createDefault(); 
    $config->set('Core.Encoding', 'UTF-8'); 
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict'); 
    $config->set('HTML.TidyLevel', 'heavy'); 
    $config->set('HTML.SafeObject', true); 
    $config->set('HTML.SafeEmbed', true); 
    $purifier = new HTMLPurifier($config); 

    $mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
    $dbc = mysqli_query($mysqli,"SELECT users.* 
           FROM users 
           WHERE user_id=3"); 

    $first_name = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['first_name'])))); 
    $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); 


    if($_POST['username']) { 
     $u = "SELECT user_id 
       FROM users 
       WHERE username = '$username'"; 
     $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $u\n<br />MySQL Error: " . mysqli_error($mysqli)); 

     if (mysqli_num_rows($r) == TRUE) { 
      $username = NULL; 
      echo '<p class="error">Your username is unavailable!</p>'; 
     } else if(mysqli_num_rows($r) == 0) { 
      $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); 



    if ($_POST['password1'] == $_POST['password2']) { 
     $sha512 = hash('sha512', $_POST['password1']); 
     $password = mysqli_real_escape_string($mysqli, $purifier->purify(strip_tags($sha512))); 
    } else { 
     $password = NULL; 
    } 

    if($password == NULL) { 
     echo '<p class="error">Your password did not match the confirmed password!</p>'; 
    } else { 


     if (mysqli_num_rows($dbc) == 0) { 
       $mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
       $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, username, password) 
              VALUES ('$user_id', '$first_name', '$username', '$password')"); 
     } 


     if ($dbc == TRUE) { 
       $dbc = mysqli_query($mysqli,"UPDATE users 
              SET first_name = '$first_name', username = '$username', password = '$password' 
              WHERE user_id = '$user_id'"); 

       echo '<p class="changes-saved">Your changes have been saved!</p>'; 

     } 

     if (!$dbc) { 
       print mysqli_error($mysqli); 
       return; 
     } 

    } 

     } 

    } 
} 

Here is the HTML form.

<form method="post" action="index.php"> 
    <fieldset> 
     <ul> 
      <li><label for="first_name">First Name: </label><input type="text" name="first_name" id="first_name" size="25" class="input-size" value="<?php if (isset($_POST['first_name'])) { echo stripslashes(htmlentities(strip_tags($_POST['first_name']))); } else if(!empty($first_name)) { echo stripslashes(htmlentities(strip_tags($first_name))); } ?>" /></li> 
      <li><label for="username">UserName: </label><input type="text" name="username" id="username" size="25" class="input-size" value="<?php if (isset($_POST['username'])) { echo stripslashes(htmlentities(strip_tags($_POST['username']))); } else if(!empty($username)) { echo stripslashes(htmlentities(strip_tags($username))); } ?>" /><br /><span>(ex: CSSKing, butterball)</span></li> 
      <li><label for="password1">Password: </label><input type="password" name="password1" id="password1" size="25" class="input-size" value="<?php if (isset($_POST['password1'])) { echo stripslashes(htmlentities(strip_tags($_POST['password1']))); } ?>" /></li> 
      <li><label for="password2">Confirm Password: </label><input type="password" name="password2" id="password2" size="25" class="input-size" value="<?php if (isset($_POST['password2'])) { echo stripslashes(htmlentities(strip_tags($_POST['password2']))); } ?>" /></li> 

      <li><input type="submit" name="submit" value="Save Changes" class="save-button" /> 
       <input type="hidden" name="submitted" value="true" /> 
      <input type="submit" name="submit" value="Preview Changes" class="preview-changes-button" /></li> 
      </ul> 
    </fieldset> 

</form> 

Answers

1

When you are checking the submitted form on these lines:

if($_POST['username']) { 
    $u = "SELECT user_id 
      FROM users 
      WHERE username = '$username'"; 

You should add the user's ID, to prevent locking onto the same record:

$u = "SELECT user_id 
      FROM users 
      WHERE username = '$username' 
      AND user_id <> 3"; 

This is because the check needs to be done on the username field of all other users, excluding the current user :)

Hope this helps!

+0

Dang. Beat me to it... Of course, this still leaves me wondering why the user_id is hard-coded like that. – 2010-04-06 21:27:16

+0

Hehe... I guess he will eventually get the user_id from the session. – 2010-04-06 21:29:13

+0

This works, but what does '<>' mean? – TaG 2010-04-06 21:29:47
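
The answer's `user_id <> 3` check, as an added example that is not code from the question or the answer: the current user's id is passed in as a parameter instead of being hard-coded, and both queries use placeholders instead of string interpolation. It uses PDO with an in-memory SQLite table so it runs without a MySQL server; the table rows, the function names and the `$_SESSION['user_id']` key are assumptions.

```php
<?php
// Constructed schema and rows for the example; not the original poster's database.
// The UNIQUE constraint is a backstop in case two requests pass the check at once.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id    INTEGER PRIMARY KEY,
    first_name TEXT NOT NULL,
    username   TEXT NOT NULL UNIQUE
)');
$db->exec("INSERT INTO users VALUES (3, 'Ann', 'CSSKing'), (4, 'Bob', 'butterball')");

/** True when an account other than $currentUserId already uses $username. */
function usernameTakenByOther(PDO $db, string $username, int $currentUserId): bool
{
    // "<>" is SQL's "not equal" operator: the user's own row is left out of the check.
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? AND user_id <> ? LIMIT 1');
    $stmt->execute([$username, $currentUserId]);
    return $stmt->fetchColumn() !== false;
}

/** Saves the settings form; returns an error message, or null when the row was updated. */
function saveSettings(PDO $db, int $currentUserId, string $firstName, string $username): ?string
{
    if ($username === '') {
        return 'Please enter a username.';
    }
    if (usernameTakenByOther($db, $username, $currentUserId)) {
        return 'Your username is unavailable!';
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('UPDATE users SET first_name = ?, username = ? WHERE user_id = ?');
    $stmt->execute([$firstName, $username, $currentUserId]);
    return null;
}

// Assumption: a real page would read this from $_SESSION['user_id'] after login.
$currentUserId = 3;

// Same username, new first name: accepted, because row 3 is excluded from the check.
echo saveSettings($db, $currentUserId, 'Anna', 'CSSKing') ?? 'Your changes have been saved!', "\n";
// A username that belongs to user 4 is still rejected.
echo saveSettings($db, $currentUserId, 'Anna', 'butterball') ?? 'Your changes have been saved!', "\n";
```

The same SQL text and `?` placeholders can be used with mysqli prepared statements against the MySQL `users` table from the question.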