我正在尝试对数据库表进行检查。
它检查提供的用户名是否存在电子邮件地址或密码。如果它们中的任何一个存在于所提供用户名的数据库中,则会向用户显示一条错误消息,并且不会更改记录。
问题:但是,由于某种原因,我的检查仅在密码和电子邮件都存在的情况下有效(如果电子邮件地址为空,但密码不为空,则不会显示错误消息(。以下是我的代码:
require ('core/dbcon.php');
$user = mysqli_real_escape_string($con, $_GET['user']);
$acc_status = mysqli_real_escape_string($con, $_GET['status']);
if(empty($_POST['form']) === false){
$usr_email = mysqli_real_escape_string($con, $_POST['email']);
$pwd = mysqli_real_escape_string($con, $_POST['password']);
$rpwd = mysqli_real_escape_string($con, $_POST['rpwd']);
$qry = mysqli_query($con, "SELECT * FROM users WHERE email='$usr_email'") or die(mysqli_error($con));
$usr_details = mysqli_fetch_assoc($qry);
if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){
if(mysqli_num_rows($qry) == 0){
if($pwd && $rpwd && $usr_email){
if($pwd === $rpwd){
$pwd = md5($pwd);
$query = mysqli_query($con, "SELECT * FROM users WHERE username='$user' AND email='$usr_email'") or die(mysqli_error($con));
if (mysqli_num_rows($query)== 1){
//update database table
}else{
$errors[] = 'Error! Your details were not added to the system due to a technical error. Please contact the Admin.';
}
}else{
$errors[] = 'Please make sure that the password entered in both fields are the same.';
}
}else{
$errors[] = 'Please complete all fields marked with a red asterisk';
}
}else{
$errors[] = 'Error! <b>'.$usr_email.'</b> already existis in our system.';
}
}else{
$errors[] = 'Error! It looks like the username you have entered has been assigned an email address and password already.';
}
}
我有一个用户名为"testuser"、电子邮件为"的记录test@email.com',以及密码"password"。我的检查工作正常,它显示错误"错误!看起来你输入的用户名已经被分配了电子邮件地址和密码。">但是,当我从数据库中删除电子邮件地址时,它以某种方式假设满足了以下条件:if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){
时为empty($usr_details['password'])===false
。
我曾尝试将逻辑运算符从&&
更改为||
,但我遇到了同样的问题(因为OR首先应该接受一个空变量和一个非空变量(。非常感谢您的协助。
代替:
if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){
试试这个:
if($usr_details['email'] === NULL || $usr_details['password'] === NULL){
对于空数据库值,NULL
更好。
编辑:
您的查询将返回空,因为您只检查了数据库中找不到的$usr_details['email']
。所以这个条件将被满足。
如果您想正确地获得此信息,请尝试使用username
或unique id
进行查询
$qry = mysqli_query($con,"select * from user where id=1");
或
$qry = mysqli_query($con,"select * from user where username='username'");
或者,您应该在查询中同时检查username
和password
$qry = mysqli_query($con,"select * from user where email='email' OR password='password'");
我刚刚发现问题在于我的查询,正如Lukas Hajdu所暗示的那样:
$qry_email = mysqli_query($con, "SELECT email FROM users WHERE email='$usr_email'") or die(mysqli_error($con));
出于某种原因,它只在数据库中已经存在电子邮件地址的情况下才进行if(empty($usr_details['email'])=== true && empty($usr_details['password'])=== true){
检查。
为了解决这个问题,我不得不形成另一个查询:
$qry_user = mysqli_query($con, "SELECT * FROM users WHERE username='$user'") or die(mysqli_error($con));
$usr_details = mysqli_fetch_assoc($qry_user);
我不知道为什么会出现这种情况,也不知道如何改进我的代码。因此,请随时提供建议:(