0
我有模态引导注册公告形式ajax后和PHP,但在两次数据库插入数据数据在数据库中插入两次,阿贾克斯后
我的模式:
<div id="register" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">New Member</h4>
</div>
<div class="modal-body">
<div class="msg"></div>
<form id="regist" action="/model/php/ajax.php" method="post" accept-charset="utf-8" >
<div class="form-group">
<label for="usr">username:</label>
<input type="text" name="user" class="form-control" id="usr">
</div>
<div class="form-group">
<label for="ugame">name in game :</label>
<input type="text" name="ugame" class="form-control" id="ugame">
</div>
<div class="form-group">
<label for="pwd">password :</label>
<input type="password" name="pwd" class="form-control" id="pwd">
</div>
<div class="g-recaptcha" data-sitekey="<?php echo key; ?>"></div>
<button type="submit" id="signup" class="btn btn-success btn-lg">Signup<span class="glyphicon glyphicon-user"></span></button>
</form> </div>
<div class="modal-footer">
<button type="button" class="btn btn-info" data-dismiss="modal">close</button>
</div>
</div>
</div>
</div>
这里Ajax代码:
<script>
$(document).ready(function() {
$("#regist").on("submit", function(e) {
var postData = $(this).serializeArray();
var formURL = $(this).attr("action");
$.ajax({
url: formURL,
type: "POST",
data: postData,
success: function(data, textStatus, jqXHR) {
$('.msg').html(data);
$('.inf').remove();
},
error: function(jqXHR, status, error) {
console.log(status + ": " + error);
}
});
e.preventDefault();
});
$("#signup").on('click', function() {
$("#regist").submit();
});
});
</script>
发送邮政[Action="ajax.php"],
这里ajax.php代码:
<meta charset="UTF-8">
<?php
include '../db.php';
include '../../lang/lang.ar.php';
if(empty($_POST['user']) || empty($_POST['ugame']) || empty($_POST['pwd']))
{
echo $lang['empty'];
}else{
$q=mysqli_query($link,"SELECT * FROM accounts WHERE Username = '".$_POST['ugame']."'");
$q2=mysqli_query($link,"SELECT * FROM customers WHERE uname = '".$_POST['user']."'");
if(mysqli_num_rows($q) == 0)
{
echo $lang['ugame_!exist'];
}else if(mysqli_num_rows($q2) != 0)
{
echo $lang['exist'];
}else if(strpos($_POST['user'],';') !== false || strpos($_POST['user'],'-') !== false || strpos($_POST['user'],'#') !== false || strpos($_POST['user'],'@') !== false || strpos($_POST['user'],':') !== false || strpos($_POST['user'],'*') !== false)
{
echo $lang['not_allowed'];
}else if(strpos($_POST['user'],' ') !== false){
echo $lang['space'];
}else if(strlen($_POST['pwd']) < 6){
echo $lang['small_pass'];
}else if(strlen($_POST['user']) < 6){
echo $lang['small_user'];
}else if(strlen($_POST['pwd']) > 14){
echo $lang['larg_pass'];
}else if(strlen($_POST['user']) > 32){
echo $lang['larg_user'];
}else{
$date = date("y-m-d");
$stamp = date('Y-m-d\TH:i:s');
$done = mysqli_query($link,"INSERT INTO customers (uname,upass,ugame,date) VALUES ('".$_POST['user']."','".$_POST['pwd']."','".$_POST['ugame']."','".$date."')");
mysqli_query($link,"INSERT INTO notification (text,icon,date) VALUES ('New Account registred [ ".$_POST['user']." ]','icon-user','".$stamp."')");
echo $lang['register_done'];
}
}
?>
检查您的网络选项卡,看看它是否只有1个请求通过。另外,点击提交/注册时页面是否重新加载? – Darren
以下/回答@Darren评论后,您应该参数化您的查询。这对SQL注入是开放的。 http://php.net/manual/en/mysqli.quickstart.prepared-statements.php – chris85