2013-02-16 85 views
0

爲了說明事情,我對mysql的知識非常有限,我決定嘗試使用PDO,因爲我聽說它使用起來更安全。話雖如此,如果您在嘗試幫助我時看到任何注射責任,請告訴我!無論如何,我有如何處理PDO查詢的輸出問題,只是執行一般...PDO插入和執行

我試圖做的第一件事是獲取表單數據,並搜索數據庫,看看是否有任何其他人使用相同的用戶名或同電子郵件:

if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['password']) && !empty($_POST['password']) AND $_POST['password'] == $_POST['password2'] AND isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['year']) && !empty($_POST['year']) AND isset($_POST['termsandconditions']) && !empty($_POST['termsandconditions'])){ 
     $name = $_POST['name']; 
      $password = $_POST['password']; 
     $email = $_POST['email']; 
     foreach ($_POST['year'] as $year); 
     $termsandconditions = $_POST['termsandconditions']; 

     $idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck"); 
     $idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20); 
     $idqry->execute(); 

     $emailqry = $sql->prepare("SELECT id FROM users WHERE email = :idcheck"); 
     $emailqry->bindParam(':emailcheck', $email, PDO::PARAM_STR, 40); 
     $emailqry->execute(); 

後來,我嘗試走PDO查詢檢查重複的用戶名/電子郵件和創建不同的條件:

if(!eregi("^[A-Z0-9._%+-][email protected][A-Z0-9.-]+\.(edu)$", $email)){ 
     // Return Error - Invalid Email 
     $msg = 'The email you have entered is invalid, please try again.<br />*NOTE: You must use a .edu email to be able to register!'; 
    }elseif($idqry != FALSE){ 
     $msg = "That username has already been used, please try another one."; 
    }elseif($emailqry != FALSE){ 
     $msg = 'That email has already been used, <a class=statusmsg href="../recovery/">need to recover your password?</a>.'; 
    }else{ 
     $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.'; 
     $hash = md5(rand(0,1000)); 
     $hashedpass = password_hash($password, PASSWORD_BCRYPT); 



     $sqlinsert = $sql->prepare("INSERT INTO users (username, password, email, hash, year, termsandconditions) VALUES (:username, :password, :email, :hash, :year, :termsandconditions)"); 
     $sqlinsert->execute(array(
          ':username' => $name, 
          ':password' => $hashedpass, 
          ':email' => $email, 
          ':hash' => $hash, 
          ':year' => $year, 
          ':termsandconditions' => $termsandconditions)); 
    } 
} 

當我嘗試測試這個,我總是得到一個$ msg的輸出「這個用戶名已經完成已經使用過了,請再試一次。「 (即使我輸入了唯一的用戶名)

您是否看到任何錯誤? 另外,是否有可能bindParam數據庫INSERTs? 謝謝!

+1

'eregi'功能已經過時很久以前。你仍然使用古老的PHP版本?而且,如果您想驗證電子郵件地址,則不需要正則表達式。使用內置的'filter_var()'函數(> = PHP 5.2+) – Yang 2013-02-16 11:19:25

+1

我同意@metal_fan使用PHP內置的函數。確保你在客戶端驗證以及爲你節省一些服務器處理。這就是說,始終在服務器端進行驗證。 – James 2013-02-16 13:42:38

回答

3

我認爲你想要做的是這樣的。

$idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck"); 
$idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20); 
$idqry->execute(); 
//This is how you get the number of rows returned 
$rowCount = $idqry->rowCount(); 

if ($rowCount > 0){ 
echo 'user name taken'; 
}else{ 
echo 'user name available'; 
} 

我敢肯定,你可以計算出其餘:)

0

執行命令的返回是根據查詢的成功因此只要查詢可以成功執行TRUE或FALSE值(這意味着表存在,選擇是有效的,有效的MySQL),那麼它會是真正。 (澄清:如果用戶名不存在,則返回的結果是空集,但它仍然是結果,因此查詢成功。)

您應該檢查沒有結果返回,因爲那實際上是說什麼用戶名不存在:

$idqry->execute(); 
$count = $idqry->rowCount(); 

if ($count != 0) { 
    // ERROR 
} 

如前所述也可以使用rowCount時(),而不是獲取所有像我最初使用。即使您試圖保證最多隻有1個結果,但獲取所有數據的效率更高。

+0

fetchAll會有點多餘,不是嗎? – 2013-02-16 09:41:11

+1

不是,我認爲在這種情況下,因爲你只限於1個結果,所以沒關係。如果返回false,可以使用提取並進行測試,但以任何方式需要測試查詢返回的結果數量。你爲什麼說這有點多餘? – richardhsu 2013-02-16 09:47:08

+0

rowCount()怎麼樣? – kabuto178 2013-02-16 10:49:44