<?php
include"include/connection.php";
$checkusername=mysql_query("SELECT * FROM employer WHERE eusername='$username'");
if (mysql_num_rows($checkusername)==1)
{
echo "username already exist";
}
else
{
$query = "insert into employer(efname,elname,egender,eemail,eusername,epwd,eadd,ephone,ecity,ecountry) values ('".$_POST['first_name']."','".$_POST['last_name']."','".$_POST['gender']."','".$_POST['email']."','".$_POST['username']."','".$_POST['password']."','".$_POST['address']."','".$_POST['phone']."','".$_POST['city']."','".$_POST['country']."')";
$result = mysql_query($query) or die (mysql_error());
echo " Thanks for registration";
}
?>
这是我的用于插入登记表数据到数据库中的代码。这段代码添加了数据,但也给出了一个解析错误,但是如果用户名已经存在则不会给出错误。用户注册的PHP
Notice: Undefined variable: username in C:\Program Files\EasyPHP5.3.0\www\register_hirer2.php on line 6
Thanks for registration
线6:
$checkusername=mysql_query("SELECT * FROM employer WHERE eusername='$username'");
停止。现在不要试图解决这个问题。你有更严重的。您对SQL注入攻击广泛开放。切换到参数化查询:http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php – Quentin 2009-12-26 14:45:41