使用PHP检查用户名是否已经存在 [英] Check if username already exists using PHP

问题描述

我想检查数据库中是否已经存在用户名.如果可以，我想重定向回到我的注册页面.我拥有的代码可以添加用户名，但不会检查用户名是否存在.请帮忙！！！这是register.php页面的代码. 该代码完全跳过了对用户名"的检查，并插入到数据库中(如果不存在).

I would like to check whether or not a username already exists in my database. If it does, I would like to redirect back to my signup page. The code I have works to add the usernames but does not check if the username exists. Please help!!! This is the code for register.php page. The code completely skips the check for the 'username' and inserts into the Database if it exists or not.

    <?php  
         error_reporting (E_ALL ^ E_NOTICE);    
         include ('dbconn.php');
         session_start();

         $GLOBALS[$error_message];
         $GLOBALS[$username];

         if(isset($_POST['submit']))
           {     
               $error = array();        
               if(empty($_POST['username']))
                 {
                   $error[] = 'Please enter a username. ';
                 }
               else 
                 {
                   $username = mysqli_real_escape_string($connection, $_POST['username']);
                 }

               if(empty($_POST['password']))
                 {
                   $error[] = 'Please enter a password. ';
                 }
               else
                 {
                   $password = mysqli_real_escape_string($connection,$_POST['password']);   
                 }

               if(empty($_POST['cpassword']))
                 {
                   $error[] = 'Please confirm password. ';
                 }
               else
                 {
                   $cpassword = mysqli_real_escape_string($connection,$_POST['cpassword']);
                 }

               if($password == $cpassword)
                 {
                   $mainpassword= $password;
                 }
               else
                 {
                   $error[] = 'Your passwords do not match. ';
                 }      

               if(empty($error))
                 {                     
                   $query = "SELECT * from User WHERE username=' ".$username." ' ";
                   $result = mysqli_query($connection, $query) or die
                       (mysqli_error($connection));

                  if(mysqli_num_rows($result)> 0)
                  {
                   $multi = "Sorry ! This Username is not available...Please choose another";
                  }
                  else{ $sql="INSERT INTO user(username,password)VALUES                          ('$username','$password')";

              mysqli_query($connection, $sql) or die(mysqli_error($connection));
              header('Location:/MySQLi/confirmation.php'); }
}
               else
                  {
                    $error_message = '<span class="error">';
                    foreach($error as $key => $values) {
                    $error_message.="$values";
                    }
                    $error_message.="</span><br/><br/>";    
                    } 
                 }
?>

推荐答案

您正在手动在用户名周围添加空格，以使其看起来不存在:

You are manually adding spaces around your username so it will look like it does not exist:

$query = "SELECT * from User WHERE username=' ".$username." ' ";
                                             ^             ^

应该是:

$query = "SELECT * from User WHERE username='".$username."' ";

使用准备好的语句将一劳永逸地避免该问题和潜在的sql注入问题:

Using a prepared statement would avoid that problem and potential sql injection problems in one go:

$query = "SELECT * from User WHERE username=?";

还要确保您始终使用表名和列名:User不一定与user相同.

Also make sure you consistently use your table- and column names: User is not necessarily the same as user.

还要注意，您永远不要在数据库中存储纯文本密码，而应该

Also note that you should never store plain-text passwords in a database, you should salt and hash them.

这篇关于使用PHP检查用户名是否已经存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！