dongsu4345 2012-01-06 08:46
浏览 12
已采纳

即使没有,也会调用错误消息

I'm trying to check if an email exists in the system, before a user is created. I'm using PHP and jQuery (AJAX, plugin).

Even though there is none in the database with the same email, my script writes that there is an existing identical e-mail. But it still creates the user (which it should).

If there is an existing e-mail, it's not creating the user, and it's writing the correct error message.

I don't know if it's my AJAX that's wrong?

My PHP: 

$check_email = mysql_query("SELECT * FROM table WHERE email='$email'");
$email_count = mysql_num_rows($check_email);

if($email_count>0){
echo "Email exists";
    return false;
}

And my jQuery:

$(function() {  
    $("#goNewUser").click(function() {  
        // validate and process form here  

        var username = $("input#username").val();  
        if(username == "") {
            $("input#username").focus();  
        return false;
        }

        var email = $("input#email").val();  
        if(email == "") {  
            $("input#email").focus();  
        return false;
        }

        var password = $("input#password").val();  
        if(password == "") {  
            $("input#password").focus();  
        return false;
        } 

        var salt = $("input#salt").val();
        if(salt == ""){
            $("input#username").focus();
        return false;
        }

        var dataString = 'username=' + username + '&email=' + email + '&password=' + password + '&salt=' + salt;  
        //alert (dataString);
        $.ajax({  
            type: "POST",  
            url: "includes/classes/handler.php?do=addLogin",
            data: dataString,  
            success: function(returnedData){

                if(returnedData == ''){
                    $('.sideBarNewUserWrap').fadeOut();
                } else {
                    $('.errorMessage').fadeIn().html(returnedData);
                }

            }
        });  
        return false;
  });  
});
  • 写回答

1条回答 默认 最新

  • douzhenggui8171 2012-01-06 09:11
    关注

    1. You'd better use PDO ;) It does all the protection needed if you use it right. Because now you have a lot of security holes - you do no query escaping, you are checking for field value equality (while it is better to use regular expression or at least truncate the value from possible spaces)

    2. Your check is a bit rough. Try to use SELECT COUNT(*) as cnt FROM table WHERE email = '$email'; and check if intval($first_row_of_result['cnt']) > 0.

    3. How do you perform a user creation process? If your code is previous to the user creation one and both they are parts of one function - yeah, you are right. You are right if you perform if (!email_exists($email)) return false; before creating a user. Otherwise i can not tell for sure if that process is correct.

    Oh, yeah...

    var dataString = 'username=' + username + '&email=' + email + '&password=' + password + '&salt=' + salt;  

$.ajax({  
    type: "POST",  
    url: "includes/classes/handler.php?do=addLogin",
    data: dataString,  
    success: function(returnedData){ }
});

    It is surely better do not use manual data escaping - try passing JSON object instead of dataString. jQuery will handle it for sure.

    And you'd better use FireBug or other tool to replace any alert(something) with console.log(something) - it is more pretty ;)

    And one more: you'd better use negate condition: 

    if (returnedData){
  $('.errorMessage').fadeIn().html(returnedData);
} else {
  $('.sideBarNewUserWrap').fadeOut();
}

    Hope any of that would help you.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 unity第一人称射击小游戏,有demo,在原脚本的基础上进行修改以达到要求
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line