爲了說明事情,我對mysql的知識非常有限,我決定嘗試使用PDO,因爲我聽說它使用起來更安全。話雖如此,如果您在嘗試幫助我時看到任何注射責任,請告訴我!無論如何,我有如何處理PDO查詢的輸出問題,只是執行一般...PDO插入和執行
我試圖做的第一件事是獲取表單數據,並搜索數據庫,看看是否有任何其他人使用相同的用戶名或同電子郵件:
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['password']) && !empty($_POST['password']) AND $_POST['password'] == $_POST['password2'] AND isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['year']) && !empty($_POST['year']) AND isset($_POST['termsandconditions']) && !empty($_POST['termsandconditions'])){
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
foreach ($_POST['year'] as $year);
$termsandconditions = $_POST['termsandconditions'];
$idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck");
$idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20);
$idqry->execute();
$emailqry = $sql->prepare("SELECT id FROM users WHERE email = :idcheck");
$emailqry->bindParam(':emailcheck', $email, PDO::PARAM_STR, 40);
$emailqry->execute();
後來,我嘗試走PDO查詢檢查重複的用戶名/電子郵件和創建不同的條件:
if(!eregi("^[A-Z0-9._%+-][email protected][A-Z0-9.-]+\.(edu)$", $email)){
// Return Error - Invalid Email
$msg = 'The email you have entered is invalid, please try again.<br />*NOTE: You must use a .edu email to be able to register!';
}elseif($idqry != FALSE){
$msg = "That username has already been used, please try another one.";
}elseif($emailqry != FALSE){
$msg = 'That email has already been used, <a class=statusmsg href="../recovery/">need to recover your password?</a>.';
}else{
$msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';
$hash = md5(rand(0,1000));
$hashedpass = password_hash($password, PASSWORD_BCRYPT);
$sqlinsert = $sql->prepare("INSERT INTO users (username, password, email, hash, year, termsandconditions) VALUES (:username, :password, :email, :hash, :year, :termsandconditions)");
$sqlinsert->execute(array(
':username' => $name,
':password' => $hashedpass,
':email' => $email,
':hash' => $hash,
':year' => $year,
':termsandconditions' => $termsandconditions));
}
}
當我嘗試測試這個,我總是得到一個$ msg的輸出「這個用戶名已經完成已經使用過了,請再試一次。「 (即使我輸入了唯一的用戶名)
您是否看到任何錯誤? 另外,是否有可能bindParam數據庫INSERTs? 謝謝!
'eregi'功能已經過時很久以前。你仍然使用古老的PHP版本?而且,如果您想驗證電子郵件地址,則不需要正則表達式。使用內置的'filter_var()'函數(> = PHP 5.2+) – Yang 2013-02-16 11:19:25
我同意@metal_fan使用PHP內置的函數。確保你在客戶端驗證以及爲你節省一些服務器處理。這就是說,始終在服務器端進行驗證。 – James 2013-02-16 13:42:38