PHP MySql-检查值是否存在 [英] PHP MySql - Check if value exists

问题描述

需要检查MySql表中是否同时存在EMAIL_ADDRESS和ACTIVATION_CODE，如果是，则返回"Code is valid"，否则返回"Code is NOT valid".

Need to check if both the EMAIL_ADDRESS and ACTIVATION_CODE exist within a MySql Table, if so return "Code is valid",else "Code is NOT valid".

目前，它总是返回无效的代码，但是我检查了表中的记录，并且所查询的代码确实存在.

At present it's always returning code not valid, however I've checked the record in the table and the queried code does exist.

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");

 if (mysql_fetch_row($result)) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

推荐答案

但是此代码不安全:

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
 if (mysql_num_rows($result) > 0) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

要保护和防止SQL注入，请执行以下操作:

To secure and prevent SQL Injection:

$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);

请注意:

http://ca1.php.net/mysql_real_escape_string

警告

此扩展自PHP 5.5.0起不推荐使用，以后将被删除.相反，MySQLi或PDO_MySQL扩展名应为 用过的.另请参见MySQL:选择API指南和相关的常见问题解答以获取更多信息 信息.此功能的替代方法包括:

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

    mysqli_real_escape_string()
    PDO::quote()

这篇关于PHP MySql-检查值是否存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！