dongye9991
2019-07-15 11:17
浏览 62
已采纳

为什么我的MySQL查询在PHP条件检查之前执行?

I'm learning to create conditional event where sql checkout data where is exists before inserting data so they don't conflicted.

i've tried using mysql row check in php then check if query empty before i tried to validate the query executed properly.

also trying to close db connection when conditional satisfied but it worthless anyway.

$user = addslashes(strtolower($usr));
$mail = addslashes(strtolower($mail));
$pass = md5(addslashes($pwd));

$check = $db->query("SELECT EXISTS(SELECT * 
                                   FROM `users`
                                   WHERE LOWER(`username`) = LOWER('$user')
                                      OR LOWER(`email`) = LOWER('$mail'))");

if (!$check) {
    $db->close();
    return false;
} else {
    $sql = "INSERT IGNORE INTO `users` (`username`, `password`, `email`)
                   VALUES ('$user', '$pass', '$mail')";
    $query = $db->query($sql);
    $db->close();
    return true;
}

I'm expecting it execute my queries while data was empty and return false while data has been existed.

图片转代码服务由CSDN问答提供 功能建议

我正在学习创建条件事件,其中在插入数据之前存在sql checkout数据,因此它们不会冲突 。

我尝试在php中使用mysql行检查,然后在我尝试验证查询执行正确之前检查查询是否为空。

还尝试 在条件满足时关闭数据库连接,但无论如何都没有价值。

  $ user = addslashes(strtolower($ usr)); 
  $ mail = addslashes(strtolower($ mail)); 
 $ pass = md5(addslashes($ pwd)); 
 
 $ check = $ db-> query(“SELECT EXISTS(SELECT * 
 FROM FROM)  users` 
 WHERE LOWER(`username`)= LOWER('$ user')
 OR LOWER(`email`)= LOWER('$ mail'))“); 
 
if(!$ check){  
 $ db-> close(); 
返回false; 
} else {
 $ sql =“INSERT IGNORE INTO`user`(`username`,`password`,`email`)
 VALUES(  '$ user','$ pass','$ mail')“; 
 $ query = $ db-> query($ sql); 
 $ db-> close(); 
返回true; \  n} 
   
 
 

我希望它在数据为空时执行我的查询,并在数据存在时返回false。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dphs48626 2019-07-15 11:35
    已采纳

    Your main issue is that $check will always be a truthy value, so long as the query never fails. If the query returns 0 rows, it is still a true object.

    You should instead check if there were any values returned. You can also simplify the query quite a bit, given that MySQL is case-insensitive, and you don't need to check if the result exists. Using a prepared statement, the code would look like this

    $stmt = $db->prepare("SELECT username FROM users WHERE username = ? OR email = ?");
    $stmt->bind_param("ss", $usr, $mail);
    $stmt->execute();
    $check = $stmt->fetch();
    $stmt->close(); 
    
    // True if the user exists 
    if ($check) { 
        return false;
    } else {
        $stmt = $db->prepare(" INSERT INTO users (username, password, email) VALUES (?, ?, LOWER(?))");
        $stmt->bind_param("sss", $usr, $pass, $mail);
        $stmt->execute();
        $stmt->close();
    }
    

    That said, you should not use md5() for passwords - use password_hash() with password_verify() instead.

    评论
    解决 无用
    打赏 举报
查看更多回答(1条)

相关推荐 更多相似问题