0

我对 PHP 很陌生。下面的代码是从我在网上找到的众多教程中拼凑而成的,它正在按照我的意愿工作。我收到了一封来自导师的电子邮件,要求我们添加代码以防止输入重复的电子邮件地址。我有需要添加的代码,但我不知道它应该去哪里。

这是现有的代码:

<?
include('config.php');

// table name 
$tbl_name=temp_members;

// Random confirmation code 
$confirm_code=md5(uniqid(rand()));

// values sent from form 
$email=$_POST['email'];
$password=$_POST['password'];
$firstname=$_POST['firstName'];
$lastname=$_POST['lastName'];

// Insert data into database 
$sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,     lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
$result=mysql_query($sql);



// if suceesfully inserted data into database, send confirmation link to email 
if($result){

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email;

// Your subject
$subject="Francis Flower confirmation link";

// From
$headers="from: Francis Flower Admin <francis.flower.contact@gmail.com>";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

// Your message
$message = '<html><head>';
$message .= '<style type="text/css">
                        body {
                            font-family: Helvetica,         Arial;
                        }
                        .center {
                            text-align: left;
                        }
                        </style>';
$message .= '<body><div class="center"><img src="http://www.jblanksby.yourwebsolution.net/images/logo.png"/>';
$message .= "<p>Dear " .$_POST['firstName']. "&nbsp;" .$_POST['lastName'].", </p>";
$message .= '<p>Thank you for signing up for an account at Francis Flower. </p>';
$message .= '<p>Your new account details are below: </p>';
$message .= "<p>Email Address: ".$_POST['email']. "</p>";
$message .= "<p>Password: " .$_POST['password']. "</p>";
$message .= "<p>Before you can login, you need to activate your account using the link below:</p>";
$message .= "<p>Click on this link to activate your account</p>";
$message .= "<p>http://jblanksby.yourwebsolution.net/confirmation.php?passkey=$confirm_code</p>";
$message .= '</div></body></html>';

// send email
$sentmail = mail($to,$subject,$message,$headers);

}

// if not found 
else {
echo "Not found your email in our database";
}

// if your email succesfully sent
if($sentmail){ ?>
echo "Mail has been sent";
} else { 
echo "Mail has not been sent"}; 
?>

这是捕获我希望包含在上述代码中的重复电子邮件的代码:

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";

$result = mysql_query($query);

if ( mysql_num_rows ( $result ) > 1 )
{
    /* Username already exists */
    echo 'Username already exists';
}
else
{
    /* Username doesn't exist */
    /* .. insert query */
}

任何有这个的助手都会很棒!

4

2 回答 2

0

它应该放在你做INSERT陈述之前。

请注意,您的脚本容易受到 SQL 注入攻击。至少,调用mysql_real_escape_string()您的$_POST输入值:

// Get email from the form before checking if it was already inserted
// you don't need the other form values yet...
$email = mysql_real_escape_string($_POST['email']);

$query = "SELECT * FROM $tbl_name WHERE email = '{$email}'";
$result_eml = mysql_query($query);

// Added some error checking here to make sure the query succeeded
// Also here, check for > 0, not > 1 -- you want to find out if 1 or more rows exist, not that 2 or more exist...
if ( $result_eml && mysql_num_rows ( $result_eml ) > 0 )
{
    /* Username already exists */
    echo 'Username already exists';
}
else if (!$result) {
   // error in query
}
else
{

  // table name 
  $tbl_name=temp_members;

  // Random confirmation code 
  $confirm_code=md5(uniqid(rand()));

  // Other values sent from form 
  $password = mysql_real_escape_string($_POST['password']);
  $firstname = mysql_real_escape_string($_POST['firstName']);
  $lastname = mysql_real_escape_string($_POST['lastName']);

  // Insert data into database 
  $sql="INSERT INTO $tbl_name(confirm_code, email, password, firstname,     lastname)VALUES('$confirm_code', '$email', '$password', '$firstname', '$lastname')";
  $result=mysql_query($sql);

  // etc....

}

我不确定这是用于作业还是用于生产代码,但我会补充一点,通过电子邮件发送用户密码是一个非常糟糕的主意。电子邮件基本上就像一张明信片——除非你用加密方式发送它(现在地球上几乎没有人这样做),它可以被任何服务器管理员从发送点到接收点的网络路径上的任何地方读取。

于 2012-04-23T12:29:45.650 回答
0

你可以做几件事。您可以在数据库上放置一个 unquie 键,这会在插入重复行时给您一个 mysql 错误。

您还可以在使用当前数据插入之前检查数据库,以确保在插入之前没有返回任何行。

这些只是您可以使用的一些想法。

另外,使用 PDO 进行检查

于 2012-04-23T12:40:38.690 回答