PHP MySql-检查值是否存在 [英] PHP MySql - Check if value exists
问题描述
需要检查MySql表中是否同时存在EMAIL_ADDRESS
和ACTIVATION_CODE
,如果是,则返回"Code is valid"
,否则返回"Code is NOT valid"
.
Need to check if both the EMAIL_ADDRESS
and ACTIVATION_CODE
exist within a MySql Table, if so return "Code is valid"
,else "Code is NOT valid"
.
目前,它总是返回无效的代码,但是我检查了表中的记录,并且所查询的代码确实存在.
At present it's always returning code not valid, however I've checked the record in the table and the queried code does exist.
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
if (mysql_fetch_row($result)) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
推荐答案
但是此代码不安全:
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
if (mysql_num_rows($result) > 0) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
要保护和防止SQL注入,请执行以下操作:
To secure and prevent SQL Injection:
$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);
请注意:
http://ca1.php.net/mysql_real_escape_string
警告
此扩展自PHP 5.5.0起不推荐使用,以后将被删除.相反,MySQLi或PDO_MySQL扩展名应为 用过的.另请参见MySQL:选择API指南和相关的常见问题解答以获取更多信息 信息.此功能的替代方法包括:
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_real_escape_string()
PDO::quote()
这篇关于PHP MySql-检查值是否存在的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!