用户已被使用时,在数据库上检查PHP用户名 [英] php username check on database when user already taken
本文介绍了用户已被使用时,在数据库上检查PHP用户名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个注册系统,它可以很好地工作并保存到数据库,我在检查数据库中是否存在用户名时遇到问题.我检查数据库的脚本是错误的.有人可以帮我吗?下面是我的代码
Hi i have a registration system, and it works well and save to database, I have a problem in checking on the database for the username if already exists. My script on checking database is wrong. Can someone help me on this? Below is my code
<?php
if(empty($_POST['username'])){
$username_error = "Please Input Username";
}else{
if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
$username_error = "username must be at least 6 characters.";
}else{
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
$res = mysql_query($sql);
if(mysql_num_rows($res)){
$username_exists = "Username is already taken.";
}else{
$username = $_POST['username'];
}
}
}
?>
问题仅在else语句中
problem is only in the else statement
推荐答案
更改:
$sql = "SELECT
members.username
FROM
members
WHERE username = $username";
收件人:
$sql = "SELECT
members.username
FROM
members
WHERE username = '".mysql_real_escape_string($username)."'";
$users =mysql_query($sql);
if(mysql_num_rows($users )){
$username_exists = "Username is already taken.";
}{
$username = $_POST['username'];
}
请记住,您需要对用户名进行转义以避免SQL注入!并避免使用 mysql _ 函数!
Have in mind, you need to escape your user name to avoid SQL injection! And avoid using mysql_ functions!
这篇关于用户已被使用时,在数据库上检查PHP用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文