I have this really strange bug, which I do not understand at all. I have the following PHP script which behaves in two ways.
This script shall add new users to a MySQL database. What I want to do is to check whether a username is already in the database. If it is, set a variable that is used to decide on how to proceed. If I execute this code, this line

    if(strcmp($row["username"], $addUser_name) == 0)

is executed (or better jumped in), but I am 100 % sure that the name does NOT (or is not supposed to) exist in the database before this line is being executed. Now even though $errorName is set to one and test is being printed, the dataset which I wanted to add to my database occurs in my database, but the last part which starts at

    if(!isset($errorName))

is not executed. I checked it with simple echo statements over and over again.
To take a look at my dataset I removed the comment in this part

    while ($row = mysqli_fetch_assoc($allUserNames))
    {
        echo $row["username"]."
    ";
    }

this part is being executed correctly

    if(!isset($errorName))

but I find the dataset twice in my database.
I do not understand at all why the script is behaving the way it does. I have tried many different things but I cannot figure out what I am doing wrong.

    <?php
    include "auth/auth1.php";
    include "functions/connectToDB.php";
    include "functions/test_input_XSS.php";

    if(isset($_GET["startCheck"])) //TODO Also change GET to POST
    {
        //Should never be true! Only happens if someone does something silly
        if(strcmp($_GET["addUser_pw"], $_GET["addUser_pwRepeat"]) !== 0) { die; }

        $servername = "localhost";
        $databasename = "X";
        $mysqluser = "X";
        $mysqlpass = "X";
        $addUser_name = $_GET["addUser_name"];

        $connection = connectToDB($servername, $mysqluser, $mysqlpass, $databasename);
        if(mysqli_connect_errno())
        {
            printf("Connect failed!");
            die();
        }

        $query_getAllUserNames = "SELECT username FROM user;";
        $allUserNames = mysqli_query($connection, $query_getAllUserNames);

        /*while ($row = mysqli_fetch_assoc($allUserNames))
        {
            echo $row["username"]."
    ";
        }*/

        while ($row = mysqli_fetch_assoc($allUserNames))
        {
            if(strcmp($row["username"], $addUser_name) == 0)
            {
                $errorName = 1;
                echo "test";
            }
        }

        if(!isset($errorName))
        {
            $username = test_input_for_XSS($_GET["addUser_name"]);
            $password = hash("sha256", $_GET["addUser_pw"]);
            $permission = test_input_for_XSS($_GET["addUser_permission"]);

            $query_addUser = "INSERT INTO user (username, passwordhash, permissionlevel) VALUES ('".$username."', '".$password."', '".$permission."');";
            $addUserSuccess = mysqli_query($connection, $query_addUser);

            if($addUserSuccess !== 1)
            {
                $hostname = $_SERVER['HTTP_HOST'];
                $path = dirname($_SERVER['PHP_SELF']);
                echo"Success";
                //header("Location: http://".$hostname.($path == "/" ? "" : $path)."/userManagment.php?added=".$username."");
            }
            else
            {
                echo "ANNOYING_ERROR";
            }
        }

        //Tidy up
        mysqli_free_result($allUserNames);
        mysqli_close($connection);
    }
    ?>

This is the corresponding HTML code, which follows in the same file just afterwards:

    <?php
    include "home.php";
    ?>
    <section>
        <h3>Einen neuen Benutzer hinzufügen</h3>
        <?php
        if(isset($errorName))
        {
            echo '<p class="warningMessage">Der Nutzername <b>'.$_GET["addUser_name"].'</b> ist bereits vergeben.<br />Bitte wählen Sie einen anderen aus!</p>';
        }
        ?>
        <form method="GET" action="addUser.php">
            <table>
                <tr>
                    <td>Nutzername:</td>
                    <td><input type="text" name="addUser_name" required pattern="\w+" /></td>
                    <td></td>
                    <td class="annotation">z.B.: Vorname</td>
                </tr>
                <tr>
                    <td>Passwort:</td>
                    <td><input type="password" name="addUser_pw" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}" title="Passwort muss mindestens 6 Zeichen, Groß- und Kleinbuchstaben, sowie Zahlen enthalten"
                        onChange="this.setCustomValidity(this.validity.patternMismatch ? '' : ''); if(this.checkValidity()){ form.addUser_pwRepeat.pattern = this.value; }" /></td>
                    <td></td>
                    <td class="annotation">Muss Groß- und Kleinbuchstaben, Zahlen und mindestens 6 Zeichen enthalten</td>
                </tr>
                <tr>
                    <td>Passwort wiederholen:</td>
                    <td><input type="password" name="addUser_pwRepeat" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}" /></td>
                    <td></td>
                    <td class="annotation">Muss identisch sein zum ersten eingegebenen Passwort</td>
                </tr>
                <tr>
                    <td>Berechtigungslevel:</td>
                    <td>
                        <input type="radio" name="addUser_permission" value="1" checked />1<br />
                        <input type="radio" name="addUser_permission" value="2" />2
                    </td>
                </tr>
            </table>
            <input type="hidden" name="startCheck" value="1" />
            <input type="submit" value="Nutzer hinzufügen" class="button" />
        </form>
    </section>
    </body>
    </html>

If my problem is not clearly enough described, I will gladly provide any additional information that is required.
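
Added example, not part of the original post: one way to make the "is the name taken?" check and the insert a single step is to let the database enforce uniqueness and handle the duplicate-key error, using a prepared statement and `password_hash()`. It assumes a UNIQUE index on `user.username`, a `passwordhash` column wide enough for the hash, and a form switched to POST; `addUser()` and the `ER_DUP_ENTRY` constant are names chosen here.

```php
<?php
// Added example, not the original poster's code.
// Assumption: UNIQUE index on user.username, e.g.
//   ALTER TABLE user ADD UNIQUE INDEX uq_username (username);
// Assumption: passwordhash is VARCHAR(255) so password_hash() output fits.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
const ER_DUP_ENTRY = 1062; // MySQL errno for a unique-key violation

// Hypothetical helper: returns "ok", "invalid" or "taken".
function addUser(mysqli $db, string $name, string $pw, string $pwRepeat, string $permission): string
{
    // Repeat the form's pattern rules server-side; browser validation can be skipped.
    if (!preg_match('/^\w+\z/', $name)
        || $pw !== $pwRepeat
        || !preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,}\z/', $pw)
        || !in_array($permission, ["1", "2"], true)) {
        return "invalid";
    }
    $hash = password_hash($pw, PASSWORD_DEFAULT); // salted, slow hash
    $level = (int) $permission;
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare(
        "INSERT INTO user (username, passwordhash, permissionlevel) VALUES (?, ?, ?)"
    );
    $stmt->bind_param("ssi", $name, $hash, $level);
    try {
        $stmt->execute();
        return "ok";
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === ER_DUP_ENTRY) {
            return "taken"; // rejected by the index, even if two requests race
        }
        throw $e;
    } finally {
        $stmt->close();
    }
}

if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    $db = new mysqli("localhost", "X", "X", "X"); // placeholders as in the post
    $result = addUser($db, $_POST["addUser_name"] ?? "", $_POST["addUser_pw"] ?? "",
        $_POST["addUser_pwRepeat"] ?? "", $_POST["addUser_permission"] ?? "");
    if ($result === "taken") {
        // Escape on output before echoing the name back into HTML.
        echo "Name taken: " . htmlspecialchars($_POST["addUser_name"], ENT_QUOTES, "UTF-8");
    }
    $db->close();
}
```

With the index in place, a request that arrives twice produces one row and one "taken" result instead of two rows.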