在使用php插入sql之前檢查記錄

Question

我正在使用INSERT語句添加記錄。現在我想檢查電子郵件是否已經註冊或已經存在於記錄..如果它已經存在只是給出一個錯誤，否則插入一個新的記錄..這是如何iam這樣做...但選擇查詢是沒有運行...並且仍然沒有檢查地添加記錄。請檢查我的代碼並請提出解決方案。謝謝:)這裏是我的

manage-users.php 
<?php include("../includes/config.php"); ?> 
<?php 
if ($_SESSION["isadmin"]) 
{ 
?> 
<!DOCTYPE HTML> 
<html> 
<head> 
<?php include("includes/pre-header.php");?> 


<title>Admdin Home</title> 
</head> 
<body> 
<div class="container"> 
<?php include("includes/header.php"); ?> 
<?php include("includes/nav.php"); ?> 
<div id="maincontent"> 

<div class="span-24 last"> 
<div id="breadcrumbs"> 
    <a href="">Home</a> > 
    <a href="">Manage Users</a> > 
    Add New 
</div> 
</div> 
<?php include("includes/manage-users-aside.php"); ?> 
<div class="span-18 last"> 
<h2 class="alt">Add New</h2> 
<?php 
if (isset($_GET["status"])) 
{ 
if($_GET["status"]==1) 
{ 
?> 
<div class="success"> 
<?php 
echo("<strong>User Has Been Added Successfully!</strong>"); 
?> 
</div> 
<?php 
} 
if($_GET["status"]==2) 
{ 
?> 
<div class="success"> 
<?php 
echo("<strong>User Has Been Edited Successfully!</strong>"); 
?> 
</div> 
<?php 
} 
} 
if($_GET["status"]==3) 
{ 
echo ("<strong>This Account Already Exixts!. Please add a New One!</strong>"); 
} 
?> 
<form method="post" id="form" action="manage-users-action.php"> 
<label for="email">Email/Username:</label><input id="email" type="text" name="email" value="" class="text" /><br /><br /> 
<label for="password">Password:</label><input id="password" type="password" name="password" value="" class="text" /><br /><br /> 
<label for="firstname">First Name:</label><input id="firstname" type="text" name="firstname" value="" class="text" /><br /><br /> 
<label for="lastname">Last Name:</label><input id="lastname" type="text" name="lastname" value="" class="text" /><br /><br /> 
<label>Type:</label><br /> 
<input type="radio" name="type" value="S" />Student <br /> <br /> 
<input type="radio" name="type" value="T" />Teacher<br /><br /> 
<input type="submit" name="submit" value="Submit" class="button" /> 
</form> 
</div> 
</div> 

<?php include("includes/footer.php"); ?> 
</div> 
</body> 

</html> 
<?php 
} 
else 
{ 
    header("Location: ".$fullpath."login/unauthorized.php"); 

} 
?> 

代碼，這是管理用戶，action.php的

<?php include("../includes/config.php");?> 
<?php 
$fname=$_POST['firstname']; 
$lname=$_POST['lastname']; 
$type=$_POST['type']; 
$email=$_POST['email']; 
$pwd=$_POST['password']; 
$recoverykey=md5(time()); 
$encpwd=md5($pwd); 
$con=mysql_connect($dbserver,$dbusername,$dbpassword); 
if (!$con) { die('Could not connect: ' . mysql_error()); } 
mysql_select_db($dbname, $con); 

$result= mysql_query("SELECT FROM accounts WHERE (email='".$email."')"); 
if(!$result){ 
$sql=("INSERT INTO accounts VALUES (NULL,'".$email."','".$encpwd."','".$fname."','".$lname."','".$type."','".$recoverykey."')" ); 
} 
else 
{ 
header("Location: manage-uesrs.php?status=3"); 
} 
if (!mysql_query($sql,$con)) 
{ 
die('Error: ' . mysql_error()); 
} 
else 
    { 
     header("Location:manage-users.php?status=1"); 
    } 

mysql_close($con); 
?> 

Answer 1

而不是

if (!$result) { 

嘗試

if (mysql_num_rows($result) == 0) 

您查詢總是返回結果 - 即使數據庫中沒有記錄 - 這就是爲什麼您的條件從未起作用。

Answer 2

你實際上在流程中有幾個錯誤。 Zolthan是對的，但你仍然會在數據庫中輸入兩個條目，因爲你的代碼會在「標題」之後繼續執行。在「標題位置」調用之後始終爲exit();。

您還需要驗證/做到安全數據（否則$ RETVAL將是錯誤的，它會出錯，如果你遵循佐爾坦信。）

固定的東西了：

// Validate you have an valid email 
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
    header("Location: manage-uesrs.php?status=ErrorInSQL"); // Note: location should take a full URL. This works in all browsers I know of, but is not strictly correct. 
    exit(); // Critical - otherwise you script will continue to run. 
} 

// Than sanatize your data. Use PDO or mysql; for for now I'll use your code 
$email = mysql_real_escape_string($email); 
// Repeat for the other fields 

$result= mysql_query("SELECT FROM accounts WHERE (email='".$email."')"); 
if (!$result) { 
    header("Location: manage-uesrs.php?status=ErrorInSQL"); // Note: location should take a full URL. This works in all browsers I know of, but is not strictly correct. 
    exit(); // Critical - otherwise you script will continue to run. 
} else (mysql_num_rows($result) > 0) 
    header("Location: manage-uesrs.php?status=NotUniqueURL"); 
    exit(); // Critical - again. 
} 

// As we're here, we can now do thq SQL as you have 
// Remmber mysql_real_escape_string on all variables (or use PDO/mysqli prepared statements) 
$sql=("INSERT INTO accounts VALUES (NULL,'".$email."','".$encpwd."','".$fname."','".$lname."','".$type."','".$recoverykey."')" ); 
if (mysql_query($sql,$con)) { 
    header("Location:manage-users.php?status=1"); 
    exit(); // ;) 
} else { 
    header("Location: manage-uesrs.php?status=ErrorInSQL"); 
    exit(); // ;) 
} 

但是，正如xQbert所建議的，您的最佳方法是在一個查詢中。

在字段「email」的數據庫中創建一個「唯一」索引。

// Validate you have an valid email 
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { 
    header("Location: manage-uesrs.php?status=ErrorInSQL"); // Note: location should take a full URL. This works in all browsers I know of, but is not strictly correct. 
    exit(); // Critical - otherwise you script will continue to run. 
} 

// Than sanatize your data. Use PDO or mysql; for for now I'll use your code 
$email = mysql_real_escape_string($email); 
// Repeat for the other fields 

// Dive traight into the SQL 
// Remmber mysql_real_escape_string on all variables (or use PDO/mysqli prepared statements) 
$sql=("INSERT INTO accounts VALUES (NULL,'".$email."','".$encpwd."','".$fname."','".$lname."','".$type."','".$recoverykey."')" ); 
if (mysql_query($sql,$con)) { 
    header("Location:manage-users.php?status=1"); 
    exit(); // ;) 
} else { 
    // This could error because it is in use, or you have error in your sql. So debug with mysql_error() initially to get your SQL correct, then when you're sure that is right, assume any error is duplicate e-mail. You could alsocheck with with mysql error codes to be extra safe. 
    header("Location: manage-uesrs.php?status=AlreadyInUse"); 
    exit(); // ;) 
}