尝试使用 PHP 检查 MySQL 数据库中是否已存在用户名
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20296777/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Trying to check if username already exists in MySQL database using PHP
提问by covfefe
I've looked at the many other posts that were similar to my issue and implemented their solutions (as far as I can tell) as exactly as I could. However, every time I execute this script, the code in the else block is executed (even when the username inputted is one that is already present).
我查看了许多其他与我的问题类似的帖子,并尽我所能实施了他们的解决方案(据我所知)。但是,每次执行此脚本时,都会执行 else 块中的代码(即使输入的用户名已经存在)。
The table name is 'Users' and the column that I am trying to search is 'username'.
The input from my form was read into $usernameand I verified that it was read in properly using echo. $concontains the connection to the server.
表名是“用户”,我要搜索的列是“用户名”。我的表单的输入被读入$username,我使用echo验证它是否被正确读入。$con包含到服务器的连接。
At some point I also put in echo $query(nothing was printed) and echo mysql_num_rows($query)(nothing was printed).
在某些时候,我还输入了echo $query(没有打印任何内容)和echo mysql_num_rows($query)(没有打印任何内容)。
Here's the relevant segment of the code. Would really appreciate some tips.
这是代码的相关部分。非常感谢一些提示。
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
EDIT: Apparently I was supposed to be using mysqli for my server and the way I checked the num_rows for that was by doing $query->num_rows since it was a property of the object. Thanks for all the help!
编辑:显然我应该为我的服务器使用 mysqli 并且我检查 num_rows 的方式是通过执行 $query->num_rows 因为它是对象的属性。感谢所有的帮助!
回答by Renish Khunt
回答by Hyman
$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")
$query = mysql_query("SELECT username FROM Users WHERE username='$username'")
Use prepared statements, do not use mysql as it is deprecated.
使用准备好的语句,不要使用 mysql,因为它已被弃用。
// check if name is taken already
$stmt = $link->prepare("SELECT username FROM users WHERE username = :username");
$stmt->execute([
'username' => $username
]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (isset($user) && !empty($user)){
// Username already taken
}
回答by Oki Erie Rinaldi
Try this:
尝试这个:
$query = mysql_query("SELECT username FROM Users WHERE username='$username' ")
Don't add $conto mysql_query()function.
不要添加$con到mysql_query()功能。
Disclaimer: using the usernamevariable in the string passed to mysql_query, as shown above, is a trivial SQL injection attack vector in so far the usernamedepends on parameters of the Web request (query string, headers, request body, etc), or otherwise parameters a malicious entity may control.
免责声明:使用username传递给 的字符串中的变量mysql_query,如上所示,是一个微不足道的 SQL 注入攻击向量,到目前为止,username依赖于 Web 请求的参数(查询字符串、标头、请求正文等),否则参数是恶意的实体可以控制。
回答by user4022980
TRY THIS ONE
试试这个
mysql_connect('localhost','dbuser','dbpass');
$query = "SELECT username FROM Users WHERE username='".$username."'";
mysql_select_db('dbname');
$result=mysql_query($query);
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
回答by Nikunj
Everything is fine, just one mistake is there. Change this:
一切都很好,只有一个错误。改变这个:
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
$query = mysql_query("SELECT Count(*) FROM Users WHERE username=$username, $con");
if (mysql_num_rows($query) != 0)
{
echo "Username already exists";
}
else
{
...
}
SELECT *will not work, use with SELECT COUNT(*).
SELECT *不起作用,与SELECT COUNT(*).
回答by Kashif Nazeer
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$pass = $_POST["password"];
$check_email = mysqli_query($conn, "SELECT Email FROM crud where Email = '$email' ");
if(mysqli_num_rows($check_email) > 0){
echo('Email Already exists');
}
else{
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$result = mysqli_query($conn, "INSERT INTO crud (Firstname, Lastname, Email, Password) VALUES ('$firstname', '$lastname', '$email', '$pass')");
}
echo('Record Entered Successfully');
}
回答by Cody MacLeod
Here's one that i wrote:
这是我写的一篇:
$error = false;
$sql= "SELECT username FROM users WHERE username = '$username'";
$checkSQL = mysqli_query($db, $checkSQL);
if(mysqli_num_rows($checkSQL) != 0) {
$error = true;
echo '<span class="error">Username taken.</span>';
}
Works like a charm!
奇迹般有效!
回答by Adnan Khan AdDY
PHP 7 improved query.........
PHP 7 改进的查询.........
$sql = mysqli_query($conn, "SELECT * from users WHERE user_uid = '$uid'");
if (mysqli_num_rows($sql) > 0) {
echo 'Username taken.';
}
$sql = mysqli_query($conn, "SELECT * from users WHERE user_uid = '$uid'");
if (mysqli_num_rows($sql) > 0) {
echo 'Username taken.';
}
回答by Let me see
Change this
改变这个
$query = mysql_query("SELECT username FROM Users WHERE username=$username", $con);
To
到
$query = mysql_query("SELECT username FROM Users WHERE username='$username'");
