检查用户登录时的多种条件
我想完成以下任务:
如果用户名或密码字段为空,则通知用户。如果用户名已存在,则不插入数据库并通知用户创建不同的名称。如果用户名唯一并且密码不为空,则将用户名返回给用户。 截至目前,它总是返回“请输入不同的用户名”。我相信这个问题与数据库查询有关,但我不确定。如果有人可以看一下我是否犯了错误,我非常感激,谢谢。
if ($userName or $userPassword = null)
{
echo "Please enter a user name and password or return to the homepage.";
}
elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)
{
echo "Please enter a different user name.";
}
elseif ($userName and $userPassword != null)
{
echo "Your login name is: $userName";
}
I would like to accomplish the following:
If a username or password field is null, notify the user. If user name already exists, do not insert into the database and notify user to create a different name. if the username is unique and password is not null, return the username to the user.
As of now it always returns "Please enter a different user name." I believe the issue has to do with the database query but I am not sure. If anyone can have a look and see if I am making an error, I greatly appreciate it, thanks.
if ($userName or $userPassword = null)
{
echo "Please enter a user name and password or return to the homepage.";
}
elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)
{
echo "Please enter a different user name.";
}
elseif ($userName and $userPassword != null)
{
echo "Your login name is: $userName";
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这会检查
$userName
是否为true
(相当于$userName == true
),并且您正在分配null
到$userPassword
。你想要像$userName == '' || 这样的东西$用户密码==''
。SQL 注入的风险。在将值插入查询之前使用
mysql_real_escape_string
!此外,
mysql_num_rows
将始终返回 1 行,因此该表达式始终为true
。您需要查看这一行的值。如果此检查符合您的预期,则它与第一个检查相比是多余的。
使用类似这样的内容:
请注意,这距离理想的代码还很远,但我希望您明白这一点。
This checks if the
$userName
istrue
(equivalent to$userName == true
), and you're assigningnull
to$userPassword
. You want something like$userName == '' || $userPassword == ''
.Risk of SQL injection. Use
mysql_real_escape_string
before plugging values into queries!Also,
mysql_num_rows
will always return 1 row, hence this expression is alwaystrue
. You need to look at the value of this one row.If this check was what you'd intend it to be, it'd be redundant with the first check.
Use something like this:
Note that this is still far from ideal code, but I hope you get the idea.
应该是
但是,我怀疑您实际上并不想检查这些是否为空。假设您从输入字段填充这些变量,则空文本字段不为空;它是一个空字符串。您可以执行
!empty($userName)
来检查空文本字段。如果您想在单个条件中检查两个变量,则必须分别写出每个检查 -
($userName and $userPassword != null)
不会按您期望的方式工作,它应该为($userName != NULL and $userPassword != null)
。另外,当您检查变量是否等于某个值时,必须使用
==
运算符。否则,您会将变量分配给该值,这几乎不是您想要做的。should be
However, I suspect you don't actually want to check if these are null. Assuming you're filling these variables from input fields, an empty text field is NOT null; it's an empty string. You can do
!empty($userName)
to check for an empty text field.If you want to check two variable in single conditional, you have to write out each check separately -
($userName and $userPassword != null)
won't work the way you expect it to, it should be($userName != NULL and $userPassword != null)
.Also, when you're checking if a variable is equal to something, you have to use the
==
operator. Otherwise, you're assigning the variable to that value, which is pretty much never what you want to do.您可能需要以下内容。不过,非常基本。
但我可以建议一些不同的东西吗?不过,需要您更改应用程序的某些部分。
die('{"RESULT":"ERROR", "DESC" : "用户名未给出"}');
die('{"RESULT":"ERROR", "DESC" : "密码未给出"}');
die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // 此处也可以使用 json_encode($result)。
这些只是我的建议。我假设 mysql 不会给你带来任何问题。 :-)
You might need the below. Very basic, though.
But may I suggest something different. Will require you to change some portions of your app though.
die('{"RESULT":"ERROR", "DESC" : "USERNAME NOT GIVEN"}');
die('{"RESULT":"ERROR", "DESC" : "PASSWORD NOT GIVEN"}');
die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // can also use json_encode($result) here.
These are just my suggestions. I have assumed mysql doesnt give you any problem. :-)