uda*_*aya 4 php mysql select if-statement
我有一个文本框UserName和Check Availability旁边的按钮.....我通过传递UserName文本框值检查了可用性.....但它似乎没有工作....
这是我在做什么?
echo $UserName = $_GET['CheckUsername'];
$_SESSION['state'] = $State;
$queryres = "SELECT dUser_name FROM tbl_login WHERE dUser_name='$UserName'";
$result = mysql_query($queryres,$cn) or die("Selection Query Failed !!!");
if($result==true) // this condition doesn't seem to work
{
echo "User Name Available";
}
else
{
echo "Sorry user name taken";
}
awg*_*wgy 15
请确保您正在逃避MySQL的输入.直接从传递数据$_GET,$_POST或任何其它超全局是不安全的.
// Escape any quote characters in the input
$UserName = mysql_real_escape_string($_GET['CheckUsername'], $cn);
$_SESSION['state'] = $State;
$queryres = "SELECT dUser_name FROM tbl_login WHERE dUser_name='$UserName' LIMIT 1";
$result = mysql_query($queryres, $cn) or die("Selection Query Failed !!!");
if (mysql_num_rows($result) > 0) {
echo 'User name exists in the table.';
} else {
echo 'User name does not exist in the table.';
}
| 归档时间: |
|
| 查看次数: |
35614 次 |
| 最近记录: |