Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/70.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP显示已使用用户名和空字段的错误_Php_Mysql_Validation_Registration_Forum - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP显示已使用用户名和空字段的错误

PHP显示已使用用户名和空字段的错误

php mysql validation

PHP显示已使用用户名和空字段的错误,php,mysql,validation,registration,forum,Php,Mysql,Validation,Registration,Forum,我希望PHP确保用户名没有被使用,并检查字段是否为空。很抱歉,说到php,我是个大傻瓜。这是我的密码: // Check for an Username: $dup = mysql_query("SELECT user_username FROM users WHERE user_username='".$_POST['user_username']."'"); if(mysql_num_rows($dup) >0){ $errors[] =

我希望PHP确保用户名没有被使用,并检查字段是否为空。很抱歉,说到php,我是个大傻瓜。这是我的密码:

// Check for an Username:
    $dup = mysql_query("SELECT user_username FROM users WHERE user_username='".$_POST['user_username']."'");
        if(mysql_num_rows($dup) >0){
            $errors[] = 'Username already used.';
        }
        else{
            $un = mysqli_real_escape_string($dbc, trim($_POST['user_username']));
            echo '<b>Congrats, You are now Registered.</b>';
        }
        else {
            $errors[] = 'You forgot to enter your Username.';
            }

//检查用户名:
$dup=mysql\u query(“从user\u username='”的用户中选择user\u username”。$\u POST['user\u username'].'””;
如果(mysql_num_行($dup)>0){
$errors[]=“用户名已被使用”;
}
否则{
$un=mysqli\u real\u escape\u字符串($dbc,trim($\u POST['user\u username']);
echo“恭喜你,你已经注册了。”;
}
否则{
$errors[]=“您忘了输入用户名。”;
}
您有两条不能使用的
else
语句。此外,您还需要转义
$\u POST
数据。最后,随着时间的推移,您应该离开mysql_*函数。使用mysqli或PDO

<?php
$sql = sprintf("SELECT user_username FROM users WHERE user_username='%s'",
        mysql_real_escape_string($_POST['user_username']));
$dup = mysql_query($sql);
if(empty($_POST['user_username'])){
    $errors[] = 'You forgot to enter your Username.';
}elseif(mysql_num_rows($dup) >0){
    $errors[] = 'Username already used.';
}else{
    $un = mysqli_real_escape_string($dbc, trim($_POST['user_username']));
    echo '<b>Congrats, You are now Registered.</b>';
}?>

在执行任何SQL查询之前,应该先检查输入是否存在


if (!empty($_POST['user_username']) && isset($_POST['user_username'])) {
  $dup = mysql_query("SELECT user_username FROM users WHERE user_username='".$_POST['user_username']."'");
  if(mysql_num_rows($dup) >0){
    $errors[] = 'Username already used.';
  }
  else {
    echo 'Username is available.';
  }
}
else {
  $errors[] = 'Username is empty';
}



正如其他人所评论的,mysql_*函数已被弃用,您还需要考虑如何清理输入。
您需要了解SQL注入-将用户输入的内容直接添加到SQL查询中是一件非常非常糟糕的事情。您得到的确切错误是什么?

if (!empty($_POST['user_username']) && isset($_POST['user_username'])) {
  $dup = mysql_query("SELECT user_username FROM users WHERE user_username='".$_POST['user_username']."'");
  if(mysql_num_rows($dup) >0){
    $errors[] = 'Username already used.';
  }
  else {
    echo 'Username is available.';
  }
}
else {
  $errors[] = 'Username is empty';
}