1. 首頁
  2. 問答
  3. 用戶名不取自數據庫

用戶名不取自數據庫

2017-07-08 21 views
-1

我是新來的php。我有一些問題。我用($ _GET)變量獲得用戶名的值。假設有人在url中輸入(mehwish)。我想檢查用戶輸入的用戶名是否可用。我的下面的代碼不起作用。如果有任何錯誤,請糾正我的錯誤。感謝您的支持。用戶名不取自數據庫

<?php include("header.php"); 
    include("classes/db.php"); 
    session_start(); 
    $username=""; 
    if(isset($_GET['username'])) 
    { 
     $user=$_GET['username']; 
     if("SELECT user_name FROM user_reg WHERE user_name='$user'") 
     { 
      $username="SELECT user_name FROM user_reg WHERE user_name='$user'"; 
      $run_username=mysqli_query($con,$username); 
      $row=mysqli_fetch_array($run_username); 
      $username=$row['user_name']; 
     } 
     else 
     { 
      die("User does nto exist"); 
     } 
    } 
    ?>

來源

2017-07-08 Mehwish Tariq

+0

**危險**:您很容易[SQL注入攻擊](http://bobby-tables.com/)**,您需要[防禦](http://stackoverflow.com/questions/ 60174/best-way-to-prevent-sql -injection-in-php)自己從。 – Quentin

+0

對不起,其實我是這個領域的初學者,不知道有關SQL注入。請你給我建議一個課程或視頻鏈接來研究它。謝謝你 –

+0

試試我之前評論中的鏈接。 – Quentin

回答

0

使用這樣的事情:

<?php 
session_start(); //This always need to be first line of code 
include("header.php"); 
include("classes/db.php"); 

$username=""; 
if(isset($_GET['username'])) 
{ 
    $user = mysqli_real_escape_string($con,$_GET['username']); 
    //get data from table using the passed user name in the url 
    $checkUser = mysqli_query($con,"SELECT user_name FROM user_reg WHERE user_name='$user'") or die(mysqli_error($con)); 
    //return number of rows from the above query 
    //if more than 0 means user exist in database table 
    if(mysqli_num_rows($checkUser)>0) 
    { 
     $row = mysqli_fetch_array($checkUser); 
     $username = $row['user_name']; 
     //use like this to store in session using $_SESSION global variable 
     $_SESSION["firstname"] = $row["firstname"]; //firstname - column name in table 
     $_SESSION["lastname"] = $row["lastname"]; 
     $_SESSION["email"] = $row["email"]; 
    } 
    else 
    { 
     echo "User does not exist"; 
    } 
} 
?>

來源

2017-07-08 11:01:56 Gyan

+0

請用'$ _GET ['username'] =''測試它; drop table user_reg;''「;' – colburton

+0

您的代碼易受sql注入攻擊 –

+0

@Gyan您會討論這一步實際上我是初學者不明白它是什麼意思..謝謝代碼在這裏 if(mysqli_num_rows($ checkUser)> 0) –

-1

您已在code.Try的東西很多的錯誤是這樣的:

<?php include("header.php"); 
     include("classes/db.php"); 
     session_start(); 
     $username=""; 
     if(isset($_GET['username'])) 
     { 
      $user=$_GET['username']; 
      $q = "SELECT user_name FROM user_reg WHERE user_name='$user'"; 
      $res = mysqli_query($con, q); 
      if(mysqli_num_rows($res) > 0) 
      { 
       while ($row = mysqli_fetch_array($res, $con)) { 
        //Show what you want here.. 
       } 
      } 
      else 
      { 
       echo "User does nto exist"; 
      } 
     } 
?>

來源

2017-07-08 11:07:53

+1

這看起來更像是一個點差的遊戲,而不是答案。你改變了什麼?爲什麼它應該解決這個問題? – Quentin

+0

如此兄弟,請添加您自己的answer.ok? –

0

嘗試做這樣的事情 -

<?php 
//checking for GET variable 
if(isset($_GET['username'])) $user=$_GET['username']; 
else exit("Username is missing"); 

//IGNORE this if your DB connection is set from other files 
//If so make a connection call and get the connection object. 
$servername = "localhost"; //your db servername 
$username = "username"; //your db username 
$password = "password"; //your db password 
$dbname = "myDB"; //your db name 

// Create connection 
$conn = new mysqli($servername, $username, $password, $dbname); 

// Check connection 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 

//Your Query 
$sql = "SELECT user_name FROM user_reg WHERE user_name='$user'"; 
$result = $conn->query($sql); 

if ($result->num_rows > 0) { 
    // found a row with the user entry. 
    // then the username exists in the database. 
    echo "Valid User"; 

} else { 
    echo "User not found"; 
} 
$conn->close(); 
?>

來源

2017-07-08 11:09:26

+1

這看起來更像是一個點差異遊戲,而不是答案。你改變了什麼?爲什麼它應該解決這個問題? – Quentin

+0

哎呀我輸入時沒有看到別人回答。我的錯。 :p –

0 
<?php 
$username=""; 
if(isset($_GET['username'])) 
{ 
$user=$_GET['username']; 
$checkUser = mysqli_query($con,"SELECT user_name FROM user_reg WHERE 
user_name='$user'") or die(mysqli_error($con)); 
$row=mysqli_fetch_assoc($checkUser); 
if(mysqli_num_rows($checkUser)>0){ 
    $username = $row["user_name"]; 
}else{ 
    echo "User does not exist"; 
} 
} 
?>

來源

2017-07-08 11:11:10

+1

這看起來更像是一個點差異遊戲,而不是答案。你改變了什麼?爲什麼它應該解決這個問題? – Quentin

相關問題

 相關問題