1. 首页
  2. 问答
  3. 检查记录是否存在db - 错误显示

检查记录是否存在db - 错误显示

2010-11-30 27 views
0

如何检查用户名或电子邮件是否存在,然后将错误消息放入我的错误数组中。现在,我有:检查记录是否存在db - 错误显示

$sql = "SELECT username, email FROM users WHERE username = '" . $username . "' OR email = '" . $email . "'"; 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) 
{ 
echo "That username or email already exists"; 
}

但我要检查它是否是用户名或者说是存在的,然后把邮件:

错误[] =“用户名存在”; //如果用户名存在

错误[] =“电子邮件已存在”; //如果邮件已存在

怎么办?

来源

2010-11-30 Jake

+0

我闻到“SQL注入” – 2010-11-30 18:34:47

+0

根本没有,因为我有:$ username = mysql_real_escape_string($ _ POST ['username']);和电子邮件相同 – Jake 2010-11-30 18:38:46

回答

1

它会更容易,如果你只是做了一个快速的真/在SQL中检查错误并检查返回的标志。

$sql = "SELECT " 
    . "(SELECT 1 FROM `users` WHERE `username` = '" . mysql_real_escape_string($username) . "'), " 
    . "(SELECT 1 FROM `users` WHERE `email` = '" . mysql_real_escape_string($email) . "')"; 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) { 
    $foundFlags = mysql_fetch_assoc($query); 
    if ($foundFlags['username']) { 
    $error[] = "username is existing"; 
    } 

    if ($foundFlags['email']) { 
    $error[] = "email is existing"; 
    } 
} else { 
    // General error as the query should always return 
}

当它没有找到一个条目,它会在标志,它的值为false返回NULL,所以if状况良好。

需要注意的是,你可以概括它像这样的字段列表:

$fieldMatch = array('username' => $username, 'email' => $email); 

$sqlParts = array(); 
foreach ($fieldMatch as $cFieldName => $cFieldValue) { 
    $sqlParts[] = "(SELECT 1 FROM `users` WHERE `" . $cFieldName . "` = '" . mysql_real_escape_string($cFieldValue) . "')"; 
} 


$sql = "SELECT " . implode(", ", $sqlParts); 

$query = mysql_query($sql); 

if (mysql_num_rows($query) > 0) { 
    $foundFlags = mysql_fetch_assoc($query); 
    foreach ($foundFlags as $cFieldName => $cFlag) { 
    if ($foundFlags[$cFieldName]) { 
     $error[] = $cFieldName . " is existing"; 
    } 
    } 
} else { 
    // General error as the query should always return 
}

NB。请注意,假设所有字段都是字符串或其他字符串转义类型(例如日期/时间)。

来源

2010-11-30 18:51:45 Orbling

0

您可以获取一行并查看是否收到了您搜索的同一电子邮件或相同的用户名或两者。你可以做LIMIT 0,1,如果你可以在找到第一行匹配这个或那个之后停下来。

来源

2010-11-30 18:44:37

1

听起来就像你试图让用户知道在注册时是否已经存在用户名或电子邮件。以下是您可以执行的操作:

<?php 
//---------------------------------------- 
// Create first query 
$usernameQuery = 'SELECT username FROM users WHERE username="'.mysql_real_escape_string($username).'"'; 

//---------------------------------------- 
// Query db 
$usernameResult = mysql_query($userNameQuery); 

//---------------------------------------- 
// Check if result is empty 
if(mysql_num_rows($usernameResult) > 0){ 

    //---------------------------------------- 
    // Username already exists 
    $error[] = 'Username already exists'; 

    //---------------------------------------- 
    // Return error to user and stop execution 
    // of additional queries/code 
} else { 

    //---------------------------------------- 
    // Check if email exists 

    //---------------------------------------- 
    // Create query 
    $emailQuery = 'SELECT email FROM users WHERE email="'.mysql_real_escape_string($email).'"'; 

    //---------------------------------------- 
    // Query the db 
    $emailResult = mysql_query($emailQuery); 

    //---------------------------------------- 
    // Check if the result is empty 
    if(mysql_num_rows($emailResult) > 0){ 

    //---------------------------------------- 
    // Email already exists 
    $error[] = 'Email already exists'; 

    //---------------------------------------- 
    // Return error to user and stop execution 
    // of additional queries/code 
    } else { 

    //---------------------------------------- 
    // Continue with registration... 
    } 
} 
?>

请注意,在执行实际查询之前,您应该始终转义您的值。

其他资源:
http://us.php.net/manual/en/function.mysql-real-escape-string.php http://us.php.net/manual/en/function.mysql-escape-string.php

来源

2010-11-30 18:48:49

相关问题

 相关问题