用户已被使用时，在数据库上检查PHP用户名 [英] php username check on database when user already taken

问题描述

我有一个注册系统，它可以很好地工作并保存到数据库，我在检查数据库中是否存在用户名时遇到问题.我检查数据库的脚本是错误的.有人可以帮我吗?下面是我的代码

Hi i have a registration system, and it works well and save to database, I have a problem in checking on the database for the username if already exists. My script on checking database is wrong. Can someone help me on this? Below is my code

<?php  
   if(empty($_POST['username'])){
          $username_error = "Please Input Username";
        }else{
          if( 6 > mb_strlen($_POST['username']) || 20 < mb_strlen($_POST['username'])){
            $username_error = "username must be at least 6 characters.";
          }else{
            $sql = "SELECT
                    members.username
                    FROM
                    members
                    WHERE username = $username";
              $res = mysql_query($sql);
              if(mysql_num_rows($res)){
                $username_exists = "Username is already taken.";
              }else{
                $username = $_POST['username'];
              }
          }     
        }
?>

问题仅在else语句中

problem is only in the else statement

推荐答案

更改:

 $sql = "SELECT
                    members.username
                    FROM
                    members
                    WHERE username = $username";

收件人:

 $sql = "SELECT
                    members.username
                    FROM
                    members
                    WHERE username = '".mysql_real_escape_string($username)."'";
$users =mysql_query($sql);
if(mysql_num_rows($users )){
   $username_exists = "Username is already taken.";
}{
   $username = $_POST['username'];
}

请记住，您需要对用户名进行转义以避免SQL注入！并避免使用 mysql _ 函数！

Have in mind, you need to escape your user name to avoid SQL injection! And avoid using mysql_ functions!

这篇关于用户已被使用时，在数据库上检查PHP用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！