如何爲唯一電子郵件添加服務器端驗證

我有一個非常簡單的表單，用於獲取電子郵件地址以發送簡報。我想弄清楚如何添加一些服務器端驗證來檢查輸入的電子郵件地址是否已經在我的database中。然後，如果它已經輸入，它不允許表單提交，並且會拋出用戶可以看到的錯誤。如何爲唯一電子郵件添加服務器端驗證

我該如何去檢查這個和顯示錯誤？

<form action="" method="POST" id="newsletter-form"> 
    <input type="email" id="footer-grid1-newsletter-input" placeholder="Your Email Address" pattern=".{3,}" required> 
    <input type="submit" id="footer-grid1-newsletter-submit" name="submit" value='&nbsp'> 
</form> 


$("#newsletter-form").on("submit", function (event) { 
     event.preventDefault(); 

     var newsletter_email = $("#footer-grid1-newsletter-input").val(); 
     var targeted_popup_class = jQuery(this).attr('data-popup-open'); 

     $.ajax({ 
      url: "newsletterSend.php", 
      type: "POST", 
      data: { 
       "newsletter_email": newsletter_email 
      }, 
      success: function (data) { 
      // console.log(data); // data object will return the response when status code is 200 
       if (data == "Error!") { 
        alert("Unable to insert email!"); 
        alert(data); 
       } else { 
        $("#newsletter-form")[0].reset(); 
        $('.newsletter-popup').fadeIn(350).delay(2000).fadeOut(); 
       } 
      }, 
      error: function (xhr, textStatus, errorThrown) { 
       alert(textStatus + " | " + errorThrown); 
       //console.log("error"); //otherwise error if status code is other than 200. 
      } 
     }); 
    }); 

$newsletter_email = $_POST['newsletter_email']; 

try { 

    $con = mysqli_connect("localhost", "", "", ""); 

    if (mysqli_connect_errno()) { 
     printf("Connect failed: %s\n", mysqli_connect_error()); 
     exit(); 
    } 
    $stmt = $con->prepare("INSERT INTO newsletter (email, subscribed) VALUES (?, NOW())"); 
     if (false===$stmt) { 
      die('Newsletter email prepare() failed: ' . htmlspecialchars($con->error)); 
     } 
    $stmt->bind_param('s', $newsletter_email); 
     if (false===$stmt) { 
      die('Newsletter email bind_param() failed: ' . htmlspecialchars($stmt->error)); 
     } 
    $stmt->execute(); 
     if (false===$stmt) { 
      die('Newsletter email execute() failed: ' . htmlspecialchars($stmt->error)); 
     }

來源

2016-03-15 Becky

只需添加返回FALSE;在你的AJAX錯誤查詢，它不會提交 –

@AslanKaya如何檢查電子郵件是否已被輸入，但？ – Becky

如果在嘗試插入之前電子郵件已經可用，則需要執行SQL檢查。下面的例子應該有所幫助 –

這下面應該可以幫到你。

JS：

$(document).ready(function(){ //newly added 
    $('#footer-grid1-newsletter-submit').click(function() {  
     var emailVal = $('#footer-grid1-newsletter-input').val(); // assuming this is a input text field  
     $.post('checkemail.php', {'email' : emailVal}, function(data) { 
      if(data=='exist'){ 
       $('#alert').html("<p> You are already subscribed to our website</p>"); 
       return false; 
      } 
      else { 
       $('#newsletter-form').submit(); 
      } 
     });  
    }); 

});

HTML：

<form action="" method="POST" id="newsletter-form"> 
    <input type="email" id="footer-grid1-newsletter-input" placeholder="Your Email Address" pattern=".{3,}" required> 
    <input type="submit" id="footer-grid1-newsletter-submit" name="submit" value='&nbsp'> 
</form>

PHP：

$con = mysqli_connect("localhost", "", "", ""); 

if (mysqli_connect_errno()) { 
    printf("Connect failed: %s\n", mysqli_connect_error()); 
    exit(); 
} 


$sql = "SELECT email FROM newsletter WHERE email = '" .$_POST['email'] ."'"; 
$select = mysqli_query($con, $sql); 
$row = mysqli_fetch_assoc($select); 

if (mysqli_num_rows > 0) { 
    echo "exist"; 
} 
else { 
    $stmt = $con->prepare("INSERT INTO newsletter (email, subscribed) VALUES (?, NOW())"); 
}

來源

2016-03-15 15:08:02

這使得表單重新加載頁面。 – Becky

...請不要回答像SQL注入這樣的漏洞。即使有一個例子。 – Lpu8er

你可以嘗試提醒（數據）;並看看輸出是什麼。返回false;應該禁用表單提交，除非php代碼沒有發送結果存在此外，這是示例結果，你應該考慮你自己的安全問題，如鄧肯提到的。你可以使用mysql_real_escape_string（）來使任何SQL注入無效。 –

如何爲唯一電子郵件添加服務器端驗證

回答

相關問題