PHP/MySQL查询未执行
正如标题所说,我的PHP/MySQL查询没有执行 有人能看看我做错了什么吗PHP/MySQL查询未执行,php,mysql,Php,Mysql,正如标题所说,我的PHP/MySQL查询没有执行 有人能看看我做错了什么吗 $name = ((isset($_POST['name']))?sanitize($_POST['name']):''); $email = ((isset($_POST['email']))?sanitize($_POST['email']):''); $password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
$name = ((isset($_POST['name']))?sanitize($_POST['name']):'');
$email = ((isset($_POST['email']))?sanitize($_POST['email']):'');
$password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
$confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
$errors = array();
if($_POST){
$emailQuery =$db->query("SELECT FROM users1 WHERE email = '$email'");
$emailCount = mysqli_num_row($emailQuery);
if($emailCount != 0){
$errors[] = 'That email already exists in our database.';
}
代码中有两个问题
$name = ((isset($_POST['name']))?sanitize($_POST['name']):'');
$email = ((isset($_POST['email']))?sanitize($_POST['email']):'');
$password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
$confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
$errors = array();
if($_POST){
$emailQuery =$db->query("SELECT * FROM users1 WHERE email = '$email'");
$emailCount = mysqli_num_rows($emailQuery);
if($emailCount != 0){
$errors[] = 'That email already exists in our database.';
}
从users1中选择,其中email='$email'您缺少您正在选择的内容。据我所知,
$\u POST
将始终存在,因为它是超全局的;至少使用if($\u POST['email'])
。如果只打算使用一次,则无需声明mysqli_num_行
:if(mysqli_num_行($emailQuery)){$error[…}
。最后,您应该使用预先准备好的语句来防止注入。警告:当使用mysqli
时,您应该使用And将用户数据添加到查询中。不要使用手动转义和字符串插值或串联来完成此操作,因为这样会创建严重的错误。意外未扫描的数据是一个严重的风险。使用绑定参数不太冗长,并且更容易检查是否正确执行。警告:编写自己的访问控制层并不容易,而且有很多可能会出现严重错误。请不要编写您自己的身份验证系统,因为任何现代的同类产品都具有强大的内置功能。至少绝对不要以明文形式存储密码。谢谢你,工作很有魅力