如果用户许可证已经在数据库中,我使此代码实时显示,代码可以减半..仅在数据库中显示错误,但是当许可证不是时,不会显示我什么都没有..你能看到我的错误在哪里,以及这段代码是否对SQL注入是安全的吗?
法典:
<?php
sleep(1);
include('connection.php');
if($_REQUEST)
{
try {
$stmt = $conn->prepare('SELECT license FROM users_lic WHERE license = ?');
$stmt->bindParam(1, $_REQUEST['license']);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if($row['license'] > 0) // not available
{
echo '<div id="Error">The license is already in our system</div>';
}
else
{
echo '<div id="Success">The license does not exist in our system</div>';
}
}
}
catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
}
?>
JS:
$(document).ready(function() {
$('#lic').blur(function(){
$('#Info_lic').html('<img src="img/loaders/loader.gif" alt="loader" />').fadeOut(1000);
var license = $(this).val();
var dataString = 'license='+license;
$.ajax({
type: "POST",
url: "includes/val_lic.php",
data: dataString,
success: function(data) {
$('#Info_lic').fadeIn(1000).html(data);
//alert(data);
}
});
});
});
许可证表格的部分:
<div class="span4">
<label><b>License : </b></label><input type="text" class="input-block-level" id="lic" name="license" />
<div id="Info_lic"></div>
</div>
将您的行检查放在您的 while
循环之外,我已将if($row['license'] > 0)
更改为if($stmt->rowCount() > 0)
现在就试试吧。(在我的服务器上测试)
<?php
sleep(1);
include('connection.php');
if($_REQUEST)
{
try {
$stmt = $conn->prepare('SELECT license FROM users_lic WHERE license = ?');
$stmt->bindParam(1, $_REQUEST['license']);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
}
}
catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if($stmt->rowCount() > 0)
{
echo '<div id="Error">The license is already in our system</div>';
}
else
{
echo '<div id="Success">The license does not exist in our system</div>';
}
}
?>