$query = ("SELECT * FROM users");
$result = mysqli_query($connection, $query);
if (!empty($_POST)){
while ($row = mysqli_fetch_assoc($result)){
if ($username == $row['username']){
echo "Username Taken, Try again";
}else if (empty($username) || !isset($username)) {
echo "Please enter a valid username";
} else if (empty($email) || !isset($email)){
我想在他们更新或注册详细信息时检查用户名是否已经被占用。我注意到,我检查用户名字段是否为空,并设置AFTER,我检查它是否被占用。我会改变的。但是,我仍然可以注册已经使用的用户名?
就像一些评论所说的那样,让我为您重新表述一下。
理想情况下,您应该检查表中是否存在用户名,而不是获取所有用户名并检查每个用户名(这是多余的,不需要(。
所以你应该做:
if (!empty($_POST)){
//get the submitted username cleaned
$username = mysqli_real_escape_string($connection,$_POST['username']);
//get username where username=posted username
$query = mysqli_query($connection,"SELECT username FROM users WHERE username='{$username}'");
//get the number of rows returned from above query
$count = mysqli_num_rows($query);
//if a row is found, that means the username exists
//so post the error
if($count==1){
echo "Username Taken, Try again";
}
}
使用mysqli查找准备好的语句。它会自动为您执行mysqli_real_escape_string()功能,并且更安全地防止注入。我刚开始在PDO上学习它,所以我不熟悉mysqli的方法,因此无法接受这个答案。