$TableName = "interns";
if ($errors == 0)
{
$SQLstring = "SELECT COUNT(*) FROM $TableName" . "WHERE email=$email";
$QueryResult = mysqli_query($DBConnect, $SQLstring);
if ($QueryResult)
{
$Row = mysqli_fetch_row($QueryResult);
if ($Row[0]>0)
{
echo "<p>The email address enterend (" . htmlentities($email) . ") is already registered.</p>'n";
++$errors;
}
}
}
我在这里做错了什么,一切对我来说都很好。我有点晚了,也许我需要一双新鲜的眼睛。任何帮助将不胜感激。
你缺少一个空格和引号,更改:
"SELECT COUNT(*) FROM $TableName" . "WHERE email=$email";
自:
"SELECT COUNT(*) FROM $TableName" . " WHERE email='$email'";
或更简单(不需要字符串连接):
"SELECT COUNT(*) FROM $TableName WHERE email='$email'";
加法:
正如下面j_mcnally建议的那样,最好逃离$email
以防止可能的SQL注入攻击