似乎
无法弄清楚这一点,不知道是不是因为我使用的是 v5+,但">mysqli_num_rows($result(> 0"没有按预期工作......但它仍在将变量注入数据库。
我收到的错误是">警告:mysqli_num_rows(( 期望参数 1 mysqli_result,布尔值在第 22 行的 C:''xampp''htdocs''lichie''register.php 中给出'">
我在堆栈溢出上看到的其他示例可以使用">mysql_query"方法,但我正在尝试使用">mysqli_query"。
这是代码:
<?php
include "connect_db_users.php";
@$username = strtolower($_POST['user']);
@$email = strtolower($_POST['email']);
@$pass = $_POST['pass'];
@$confirmPass = $_POST['confirmPass'];
$ins_user = "INSERT INTO lichie_user(user_user,user_pass,user_email, user_date)"
. "VALUES ('" . $username . "' , '" . $pass . "' , '" . $email . "' , NOW())";
if(isset($_POST['submit'])){
if($username == !''){
if($email == !''){
if($pass == !''){
if($pass == $confirmPass){
$query = 'SELECT user_user FROM lichie_user WHERE user_user=$username';
$result = mysqli_query($connect,$query);
if (mysqli_num_rows($result) > 0){
echo "Username already exists!";
}else{
if(mysqli_query($connect, $ins_user)){
mysqli_close($connect);
/*header("Location: Success.php");*/
echo "INSERTED";
}else{
echo "FAILED!";
}
}
}else{
echo "Passwords do not match!";
}
}else{
echo "Password can not be empty!";
}
}else{
echo "Email can not be empty!";
}
}else{
echo "Username can not be empty!";
}
}
?>
<form method="POST">
<h2 align="center"> Register</h2>
<table id="table1"; cellspacing="5px" cellpadding="5%"; align="center">
<tr>
<td align="right">Username:</td>
<td><input type="text" name="user" /></td>
</tr>
<tr>
<td valign="top" align="right">Email:</td>
<td><input type="email" name="email" /></td>
</tr>
<tr>
<td valign="top" align="right">Password:</td>
<td><input type="password" name="pass" autocomplete="off" /></td>
</tr>
<tr>
<td valign="top" align="right">Confirm Password:</td>
<td><input type="password" name="confirmPass" autocomplete="off"/></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="submit"/></td>
</tr>
</table>
</form>
您的选择查询是错误的。你在$username周围缺少'.
试试这个:
$query = "SELECT user_user FROM lichie_user WHERE user_user='$username'";
另请参阅: 如何防止 PHP 中的 SQL 注入?