我对PHP很陌生。下面的代码是从我在网上找到的众多教程中拼凑而成的,它正在按照我想要的方式工作。我收到了我的导师的电子邮件,要求我们添加代码以防止输入重复的电子邮件地址。我有需要添加的代码,但我不知道它应该去哪里。
以下是现有代码:
<?
include('config.php');
// table name
$tbl_name=temp_members;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// values sent from form
$email=$_POST['email'];
$password=$_POST['password'];
$firstname=$_POST['firstName'];
$lastname=$_POST['lastName'];
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname, lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);
// if suceesfully inserted data into database, send confirmation link to email
if($result){
// ---------------- SEND MAIL FORM ----------------
// send e-mail to ...
$to=$email;
// Your subject
$subject="Francis Flower confirmation link";
// From
$headers="from: Francis Flower Admin <francis.flower.contact@gmail.com>";
$headers .= "MIME-Version: 1.0'r'n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1'r'n";
// Your message
$message = '<html><head>';
$message .= '<style type="text/css">
body {
font-family: Helvetica, Arial;
}
.center {
text-align: left;
}
</style>';
$message .= '<body><div class="center"><img src="http://www.jblanksby.yourwebsolution.net/images/logo.png"/>';
$message .= "<p>Dear " .$_POST['firstName']. " " .$_POST['lastName'].", </p>";
$message .= '<p>Thank you for signing up for an account at Francis Flower. </p>';
$message .= '<p>Your new account details are below: </p>';
$message .= "<p>Email Address: ".$_POST['email']. "</p>";
$message .= "<p>Password: " .$_POST['password']. "</p>";
$message .= "<p>Before you can login, you need to activate your account using the link below:</p>";
$message .= "<p>Click on this link to activate your account</p>";
$message .= "<p>http://jblanksby.yourwebsolution.net/confirmation.php?passkey=$confirm_code</p>";
$message .= '</div></body></html>';
// send email
$sentmail = mail($to,$subject,$message,$headers);
}
// if not found
else {
echo "Not found your email in our database";
}
// if your email succesfully sent
if($sentmail){ ?>
echo "Mail has been sent";
} else {
echo "Mail has not been sent"};
?>
这是捕获重复电子邮件的代码,我想将其包含在上面的代码中:
$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result = mysql_query($query);
if ( mysql_num_rows ( $result ) > 1 )
{
/* Username already exists */
echo 'Username already exists';
}
else
{
/* Username doesn't exist */
/* .. insert query */
}
任何有这个的助手都会很棒!
它应该放在你执行INSERT语句之前。
请注意,您的脚本容易受到 SQL 注入攻击。至少对$_POST输入值调用mysql_real_escape_string():
// Get email from the form before checking if it was already inserted
// you don't need the other form values yet...
$email = mysql_real_escape_string($_POST['email']);
$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result_eml = mysql_query($query);
// Added some error checking here to make sure the query succeeded
// Also here, check for > 0, not > 1 -- you want to find out if 1 or more rows exist, not that 2 or more exist...
if ( $result_eml && mysql_num_rows ( $result_eml ) > 0 )
{
/* Username already exists */
echo 'Username already exists';
}
else if (!$result) {
// error in query
}
else
{
// table name
$tbl_name=temp_members;
// Random confirmation code
$confirm_code=md5(uniqid(rand()));
// Other values sent from form
$password = mysql_real_escape_string($_POST['password']);
$firstname = mysql_real_escape_string($_POST['firstName']);
$lastname = mysql_real_escape_string($_POST['lastName']);
// Insert data into database
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname, lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);
// etc....
}
我不确定这是用于分配还是生产代码,但我要补充一点,通过电子邮件发送用户密码是一个非常糟糕的主意。 电子邮件基本上就像一张明信片 - 除非你用加密发送它(现在地球上几乎没有人这样做),否则任何服务器管理员都可以通过其网络路径从发送点到接收点的任何地方阅读它。
你可以做几件事。 您可以在数据库上放置一个未quie键,这会在插入重复行时出现mysql错误。
您还可以在对当前数据进行插入之前检查数据库,以确保在插入之前没有返回任何行。
这些只是您可以使用的一些想法。
另外,使用 PDO 结帐