Ask for a question. if the user name exists during registration, it will not be successfully registered. in this case, the user name can still be registered.
Script $ (function () {// check whether the user name exists $ ("# name "). blur (function () {// $ parent = $ ("# user_name "). parent (); $. get ("deal. php ", {username: $ (" # name "). val ()}, function (data) {if (data. status = 1) {$ ("# namep" ).html ('user name already exists '); // $ parent. append (''+ data +'') ;}}, 'json') ;}); // submit registration $ ("# sub "). click (function () {// var rule =/^ [-\ da-zA-Z! @ # $ % ^ & * _] * $/; Var reg =/^ [A-Za-z0-9] + $/; var v = $. trim ($ ("# password "). val (); if ($ ("# name "). val () = ''| $. trim ($ ("# password "). val () = ''| $ (" # confirmpassword "). val () = '') {if ($. trim ($ ("# name "). val () = '') {$ (" # namep ").html ('user name cannot be blank '); $ (" # name "). focus ();} else {$ ("# namep" ).html ('');} if ($. trim ($ ("# password "). val () = '') {$ (" # pwdp ").html ('password cannot be blank '); $ (" # password "). focus ();} else {$ ("# pwdp" ).html ('');} If ($ (" # confirmpassword "). val () = '') {$ (" # confirmpwd ").html ('confirm password cannot be blank '); $ (" # confirmpassword "). focus ();} else {$ ("# confirmpwd" ).html ('') ;}} else if ($ (" # confirmpassword "). val ()! = $ ("# Password "). val () {$ ("# confirmpwd" ).html ('confirm incorrect password'); $ ("# namep, # pwdp" ).html ('');} else if (reg. test (v) {$ ("# pwdp" ).html ('incorrect password format'); $ ("# namep, # confirmpwd" ).html ('');} else {$. post ("deal. php ", {name: $ (" # name "). val (), password: $ ("# password "). val (), code: $ ("# TextBox2 "). val ()}, function (data) {if (data. status = 1) {alert ('registered successfully'); $ ("# namep, # pwdp, # confirmpwd" ).html ('');} else {alert ('verification code error! '); $ ("# Namep, # pwdp, # confirmpwd" ).html ('') ;}, 'json') ;}}); script
Reply to discussion (solution)
Disable JS. your code is useless.
The backend must also be judged.
All client verification can be bypassed. this must be done on the server side. the front-end js is only used to provide a better experience.
Add the user existence judgment in your final commit program.
All client verification can be bypassed. this must be done on the server side. the front-end js is only used to provide a better experience.
Add the user existence judgment in your final commit program.
// Determine whether the get method or POSTif ($ _ SERVER ['request _ method'] = 'get') {$ name1 = $ _ GET ['username']; $ SQL = "select * from users where name = '$ name1'"; $ result = mysql_query ($ SQL); $ num = mysql_num_rows ($ result ); if ($ num = 0) {echo '{"status": "2"}';} else {// echo "username exists"; echo '{"status ": "1"} ';}} else {$ name = trim ($ _ POST ['name']); $ password = trim (md5 ($ _ POST ['password']); $ code = trim ($ _ POST ['code']); if (strlen ($ code)> 1 and $ code! ==$ _ SESSION ['code']) {$ SQL = "insert into users (name, password) values ('{$ name }', '{$ password}'); "; $ res = mysql_query ($ SQL); if ($ res) {echo '{" name ":"'. $ name. '"," password ":"'. $ password. '"," status ":" 1 "}' ;}} else {echo '{" status ":" 2 "}';}}
This is a backend processor. how can this problem be solved?
When you run $. post (), you do not determine whether $ ("# namep" ).html () is empty (the user name exists)
That is, $. post () will be executed no matter whether the user name exists.
When you execute $ SQL = "insert into users (name, password) values ('{$ name}', '{$ password, the user name does not exist.
That is, no matter whether the user name exists or not, $. post () $ res = mysql_query ($ SQL); will be executed
The two omissions are the reason why the account name can still be registered.
When you run $. post (), you do not determine whether $ ("# namep" ).html () is empty (the user name exists)
That is, $. post () will be executed no matter whether the user name exists.
When you execute $ SQL = "insert into users (name, password) values ('{$ name}', '{$ password, the user name does not exist.
That is, no matter whether the user name exists or not, $. post () $ res = mysql_query ($ SQL); will be executed
The two omissions are the reason why the account name can still be registered.
So I think my code is unreasonable. when I submit a click event, I check the user name and trigger an event. in this way, I cannot determine whether the user name exists during registration, I think we need to change the writing method.
Don't you think it is very troublesome?
You can use JavaScript to perform simple field verification on the front-end. if you want to implement non-repeated registration, put it in the backend. example: Zhang San
First, check whether there is Michael in the database.
The key is that php end Verification is too simple and there will be SQL injection problems...