使用PHP和MySQL检查数据库中是否存在用户名
已经为此挣扎了几天,读到了大量类似的问题,但仍然无法解决。我试图通过html表单获取用户信息并用它更新我的数据库,但前提是用户名不存在。。。 问题1:不管怎样,它都可以用相同的用户名创建条目 问题2:我一直收到错误警告:mysqli_num_rows()期望参数1是mysqli_result,bool给定 我确信他们是有联系的,但就我个人而言,我不知道解决办法是什么使用PHP和MySQL检查数据库中是否存在用户名,php,mysql,mysqli,Php,Mysql,Mysqli,已经为此挣扎了几天,读到了大量类似的问题,但仍然无法解决。我试图通过html表单获取用户信息并用它更新我的数据库,但前提是用户名不存在。。。 问题1:不管怎样,它都可以用相同的用户名创建条目 问题2:我一直收到错误警告:mysqli_num_rows()期望参数1是mysqli_result,bool给定 我确信他们是有联系的,但就我个人而言,我不知道解决办法是什么 <?php //declare variables $dbhost = "localhost"; $db
<?php
//declare variables
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "mypassword";
$db = "user_info";
if (!empty($_POST)) {
//connect to mysqli
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
//check connection
if ($mysqli->connect_error) {
die('Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//declare user variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$pass = $_POST['pass'];
$address = $_POST['address'];
$phone = $_POST['phone'];
//get data from form
$sql = "INSERT INTO users (first_name, last_name, user_name, pass, address, phone) VALUES
('{$mysqli->real_escape_string($first_name)}',
'{$mysqli->real_escape_string($last_name)}',
'{$mysqli->real_escape_string($user_name)}',
'{$mysqli->real_escape_string($pass)}',
'{$mysqli->real_escape_string($address)}',
'{$mysqli->real_escape_string($phone)}')";
// ** HERE IS WHERE I AM HAVING ISSUES **
//query to see if entered username already exists
$result = $mysqli->query("SELECT * FROM users WHERE user_name =$user_name");
//alert if user name taken
if (mysqli_num_rows($result) > 0) {
echo "<b>Username already taken! Please select another.</b>";
} else {
//continue to insert into database if username is unique
$insert = $mysqli->query($sql);
//print response from mysql
if ($insert) {
echo "Success! Row ID: {$mysqli->insert_id}";
} else {
die("error: {$mysqli->errno}");
}
}
//close our app
$mysqli->close();
}
?>
像这样试试
<?php
if (!empty($_POST)) {
//connect to mysqli
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
//check connection
if ($mysqli->connect_error) {
die('Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
}
//declare user variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$pass = $_POST['pass'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$query = $mysqli->prepare("SELECT count(*) FROM users WHERE user_name = ?");
$query->bind_param('s', $user_name);
$query->bind_result($cnt);
$query->execute();
$query->store_result();
$query->fetch();
$query->close();
if ($cnt > 0) {
echo "<b>Username already taken! Please select another.</b>";
} else {
$query = $mysqli->prepare("INSERT INTO users (first_name, last_name, user_name, pass, address, phone) VALUES (?,?,?,?,?,?)");
$query->bind_param('ssssss', $first_name, $last_name, $user_name, $pass, $address, $phone);
$query->execute();
if ($query->execute()) {
echo "Success! Row ID: {$query->insert_id}";
} else {
die("error: {$query->errno}");
}
$query->close();
}
}
连接POST变量不是一个好主意,使用prepared语句我不理解SELECT的意义。如果插入失败(因为您已将列指定为唯一的),那么您就知道需要知道的一切。您的问题称为SQL注入。之所以会看到这个奇怪的消息,是因为您使用SQL注入破坏了自己的SQL,并且没有启用错误报告,所以mysqli不会告诉您错误。这也是一个XY问题,因为这个选择不应该存在。谢谢大家的帮助。一般来说,我对PHP和编程都非常陌生,所以我将接受你们所说的,并在我的项目中工作!请不要回答封闭式问题,当您回答时,请至少解释您的解决方案。