如何检查PHP中MySQL数据库中是否存在值?

时间:2020-12-27 04:28:20

I am new to PHP but I like to create a script that checks if an email is in my MySQL Database, the Database name is "Fily_Registrations", the table is "users" and the value is called "email". So basically if an the email "hi@all.com" exists in my database and I call the php script like "http://path/to/php.php?email=hi@all.com" it should echo out "YES" if it don't exists it should echo out "NO".

我是PHP的新手,但我喜欢创建一个脚本来检查电子邮件是否在我的MySQL数据库中,数据库名称是“Fily_Registrations”,表是“用户”,值是“电子邮件”。所以基本上如果我的数据库中存在电子邮件“hi@all.com”并且我调用了像“http://path/to/php.php?email=hi@all.com”这样的php脚本,它应该回应出来“是“如果它不存在,它应该回显”否“。

This is how fare I am now, but it always echoes out "NO":

这就是我现在的票价,但总是回应“不”:

<?php

$email = $_GET["email"];
$DataBase = "Fily_Registrations";
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db($DataBase) or die(mysql_error());
$string = sprintf("SELECT '$DataBase' FROM users WHERE email = '$email'");
$query = msql_query($string);
if($query == false) {
     echo("No");
} else {
    echo("Yes");
}
?>

Does anyone know how to fix this?

有谁知道如何解决这一问题?

3 个解决方案

#1

5  

If database is Fily_Registrations then the query is wrong. Try this:

如果数据库是Fily_Registrations,那么查询是错误的。尝试这个:

$email = mysql_real_escape($_GET["email"]);
$DataBase = "Fily_Registrations";
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db($DataBase) or die(mysql_error());
$query = "SELECT * FROM users WHERE email = '{$email}'";
$result = mysql_query($query);
echo (mysql_num_rows($result) == 0) ? 'NO' : 'YES';

mysql_query returns false if query is not correct. Read first http://pl1.php.net/mysql_query and consider using PDO (http://pl1.php.net/pdo) instead of normal mysql_query.

如果查询不正确,mysql_query将返回false。首先阅读http://pl1.php.net/mysql_query并考虑使用PDO(http://pl1.php.net/pdo)而不是普通的mysql_query。

#2

0  

Your code should be something like this:

你的代码应该是这样的:

<?php

$email = $_GET["email"];
$DataBase = "Fily_Registrations";
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db($DataBase) or die(mysql_error());
$string = mysql_real_escape("SELECT * FROM users WHERE email = '$email'");
$query = msql_query($string);
if($query) {
     echo mysql_num_rows($query) > 0 ? "YES" : "NO";
} else {
    echo("====some error===");
}
?>

mysql_num_rows : http://pt1.php.net/manual/en/function.mysql-num-rows.php mysql_real_escape: http://pt2.php.net/mysql_real_escape_string

mysql_num_rows:http://pt1.php.net/manual/en/function.mysql-num-rows.php mysql_real_escape:http://pt2.php.net/mysql_real_escape_string

#3

0  

Not yet super safe, but better.

还不是超级安全,但更好。

  • Email checked for unsafe quotes with mysql_real_escape. Don't place too much trust on this thought. Some additional regex checking could be in order.
  • 使用mysql_real_escape检查电子邮件是否存在不安全的报价。不要过分信任这个想法。可以按顺序进行一些额外的正则表达式检查。

  • Prepared statements don't allow hidden mysql code execution from within parameters.

    准备好的语句不允许从参数内执行隐藏的mysql代码。

    $email = mysql_real_escape($_GET["email"]);
try {
 $connect = new PDO("mysql:host=server;dbname=Fily_Registrations;port=3306", "user", "password");
}catch(PDOException $e) {
  print "Error!: " . $e->getMessage();
  die();
}

$q= "SELECT * FROM users WHERE email = :EMAIL";
$statement = $connect->prepare($q);
$status = $statement->execute(array(":EMAIL"=>$email));

if (($status) && ($statement->rowCount() > 0))
{
  echo "YES";
} else {
  echo "NO";
}

Br, Kari

Br,Kari

#1

5  

If database is Fily_Registrations then the query is wrong. Try this:

如果数据库是Fily_Registrations,那么查询是错误的。尝试这个:

$email = mysql_real_escape($_GET["email"]);
$DataBase = "Fily_Registrations";
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db($DataBase) or die(mysql_error());
$query = "SELECT * FROM users WHERE email = '{$email}'";
$result = mysql_query($query);
echo (mysql_num_rows($result) == 0) ? 'NO' : 'YES';

mysql_query returns false if query is not correct. Read first http://pl1.php.net/mysql_query and consider using PDO (http://pl1.php.net/pdo) instead of normal mysql_query.

如果查询不正确,mysql_query将返回false。首先阅读http://pl1.php.net/mysql_query并考虑使用PDO(http://pl1.php.net/pdo)而不是普通的mysql_query。

#2

0  

Your code should be something like this:

你的代码应该是这样的:

<?php

$email = $_GET["email"];
$DataBase = "Fily_Registrations";
mysql_connect("server", "username", "password") or die(mysql_error());
mysql_select_db($DataBase) or die(mysql_error());
$string = mysql_real_escape("SELECT * FROM users WHERE email = '$email'");
$query = msql_query($string);
if($query) {
     echo mysql_num_rows($query) > 0 ? "YES" : "NO";
} else {
    echo("====some error===");
}
?>

mysql_num_rows : http://pt1.php.net/manual/en/function.mysql-num-rows.php mysql_real_escape: http://pt2.php.net/mysql_real_escape_string

mysql_num_rows:http://pt1.php.net/manual/en/function.mysql-num-rows.php mysql_real_escape:http://pt2.php.net/mysql_real_escape_string

#3

0  

Not yet super safe, but better.

还不是超级安全,但更好。

  • Email checked for unsafe quotes with mysql_real_escape. Don't place too much trust on this thought. Some additional regex checking could be in order.
  • 使用mysql_real_escape检查电子邮件是否存在不安全的报价。不要过分信任这个想法。可以按顺序进行一些额外的正则表达式检查。

  • Prepared statements don't allow hidden mysql code execution from within parameters.

    准备好的语句不允许从参数内执行隐藏的mysql代码。

    $email = mysql_real_escape($_GET["email"]);
try {
 $connect = new PDO("mysql:host=server;dbname=Fily_Registrations;port=3306", "user", "password");
}catch(PDOException $e) {
  print "Error!: " . $e->getMessage();
  die();
}

$q= "SELECT * FROM users WHERE email = :EMAIL";
$statement = $connect->prepare($q);
$status = $statement->execute(array(":EMAIL"=>$email));

if (($status) && ($statement->rowCount() > 0))
{
  echo "YES";
} else {
  echo "NO";
}

Br, Kari

Br,Kari

标签:

相关文章