Php 在更新之前为用户提供
我已经制作了一个API,可以使用insert在mysql数据库中插入7个字段的数据:全名、城市、血型、密码、mobileno、Last捐赠、创建日期。请帮助我添加一些代码来搜索是否已经使用mobileno字段添加了用户,然后才添加记录,否则显示消息用户已经存在Php 在更新之前为用户提供,php,search,Php,Search,我已经制作了一个API,可以使用insert在mysql数据库中插入7个字段的数据:全名、城市、血型、密码、mobileno、Last捐赠、创建日期。请帮助我添加一些代码来搜索是否已经使用mobileno字段添加了用户,然后才添加记录,否则显示消息用户已经存在 <?php header("Access-Control-Allow-Origin: *"); header("Content-Type: application/json; charset=UTF-8"); if(count($_
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
if(count($_REQUEST) > 0)
{
$conn = mysqli_connect("localhost", "creative_bloodapp", "PasSwORd", 'creative_bldapp');
$fullname =$_POST['fullname'];
$city =$_POST['city'];
$bloodgroup =$_POST['bloodgroup'];
$password =$_POST['password'];
$mobileno =$_POST['mobileno'];
$lastdonated =$_POST['lastdonated'];
$created_date = date('Y-m-d H:i:s');
$sql = "INSERT INTO register (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) VALUES ('" . $fullname . "','" . $city . "','" . $bloodgroup . "','" . $password . "','" . $mobileno . "','" . $lastdonated . "','". $created_date . "');";
$qur = $conn->query($sql);
if($qur){
$query="SELECT * FROM register ORDER BY mobileno DESC LIMIT 1;";
$data=array();
$result=mysqli_query($conn, $query);
$row=mysqli_fetch_assoc($result);
mysqli_close($conn);
response(1,"User has been registered!",$row);
}else{
mysqli_close($conn);
response(0,"Not Registered!",NULL);
}
}
else
{
response(0,"Not Registered!",NULL);
}
function response($status,$status_message,$data)
{
header("HTTP/1.1 ".$status);
$response['status']=$status;
$response['status_message']=$status_message;
$response['data']=$data;
$json_response = json_encode($response);
echo $json_response;
}
?>
是的,让它成为MobileNoUnique密钥
if($qur)
{
// new mobileno
//add it will take
}
else
{
// repeated i will not accept, you put mobileno exist.
}
是的,让它成为MobileNoUnique密钥
if($qur)
{
// new mobileno
//add it will take
}
else
{
// repeated i will not accept, you put mobileno exist.
}
寻找这样的东西;我更改了一些查询并为您重新编写了一部分。还添加了mysqli\u real\u escape\u字符串
寻找这样的东西;我更改了一些查询并为您重新编写了一部分。还添加了mysqli\u real\u escape\u字符串
只需在插入开始前添加一个简单的select计数,它就可以检查手机是否已经存在,顺便问一下,为什么不使用预先准备好的语句,无论如何,您都在使用mysqli在插入查询之前,执行一个select查询,检查$mobileno eqauls是否在数据库中,即$res=querySELECT*FROM表,其中mobileno='$mobileno'ifcount$res>=1,则echo user存在;出口请添加一些SQL注入预防只需在插入开始之前添加一个简单的select计数,它就可以检查手机是否已经存在,顺便问一下,为什么不使用准备好的语句,无论如何,您都在使用mysqli在插入查询之前,执行一个select查询,检查$mobileno eqauls是否在数据库中,即$res=querySELECT*FROM表,其中mobileno='$mobileno'ifcount$res>=1,则echo user存在;出口请添加一些SQL注入预防措施
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
if(count($_REQUEST) > 0)
{
$conn = mysqli_connect("localhost", "creative_bloodapp", "PasSwORd", 'creative_bldapp');
$fullname = mysqli_real_escape_string($conn, $_POST['fullname']);
$city = mysqli_real_escape_string($conn, $_POST['city']);
$bloodgroup = mysqli_real_escape_string($conn, $_POST['bloodgroup']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$mobileno = mysqli_real_escape_string($conn, $_POST['mobileno']);
$lastdonated = mysqli_real_escape_string($conn, $_POST['lastdonated']);
$created_date = date('Y-m-d H:i:s');
$verifysql = "select id from register where mobileno='".$mobileno."'";
$qur = $conn->query($verifysql);
if($qur->num_rows == 0){
$sql = "INSERT INTO register (fullname, city, bloodgroup, password, mobileno, lastdonated, created_date) VALUES ('" . $fullname . "','" . $city . "','" . $bloodgroup . "','" . $password . "','" . $mobileno . "','" . $lastdonated . "','". $created_date . "');";
$result = $conn->query($sql);
if($result){
mysqli_close($conn);
response(200,"User has been registered!",$row);
}else{
mysqli_close($conn);
response(500,"Registeration Failed",NULL);
}
}
else{
mysqli_close($conn);
response(409,"User Already Exists!",NULL);
}
}
else
{
response(400,"Not Registered!",NULL);
}