javascript - jQuery 验证插件多个远程问题。是我还是bug？

Question

我在两步注册表单中使用 jQuery 验证插件。

在“第一步”中，我正在使用远程功能检查用户名和电子邮件的可用性。

这是错误(或我!):

• 如果数据库中存在用户名而电子邮件不存在，当我单击“下一步”按钮时，脚本会让我进入第二步。 (不应该，因为用户名存在!)

但是；

• 如果用户名不存在并且数据库中存在电子邮件，它会阻止我并警告我电子邮件存在。所以它正在工作。

• 如果数据库中同时存在用户名和电子邮件，也会阻止我。再次开始工作。

这是我正在使用的代码；

HTML:

<div class="tab-content">
    <p>Page.</p>
    <form class="form-horizontal" onsubmit="return false;" action="" method="post" id="myform">

    <div id="stepusername">

            <p>This is step 1</p>

            <input type="text" class="form-control" id="username" name="username" placeholder="Username" autocomplete="off"><br>

            <input type="email" class="form-control" id="email" name="email" placeholder="email" autocomplete="off"><br>            

            <p><a class="btn btn-primary next">Go to step 2</a></p>  

    </div><!-- signup_one ends -->

    <div id="stepemail">

            <p>This is step 2</p>

            <input type="password" class="form-control" id="password" name="password" placeholder="password" autocomplete="off"><br>

            <input type="password" class="form-control" id="conf_password" name="conf_password" placeholder="password" autocomplete="off"><br>              

            <input class="btn btn-success next" type="submit" value="Finish">

    </div><!-- step2 ends -->

    </form>

    <div id="stepsuccess">

    <p>Show result here.</p>

    </div><!-- success ends -->


</div><!-- tab-content ends -->

Java 脚本:

<script type="text/javascript">
    // jQuery.validate script, does client-side validation
    $(document).ready(function(){
        $(".next").click(function(){
            var form = $("#myform");
            form.validate({
                errorElement: 'div',
                errorClass: 'formerror',
                highlight: function(element, errorClass, validClass) {
                    $(element).closest('.form-group').addClass("has-error");
                },
                unhighlight: function(element, errorClass, validClass) {
                    $(element).closest('.form-group').removeClass("has-error");
                },
                rules: {
                    username: {
                        required: true,
                        remote: { 
                        url: "check-username.php",
                        async: false,
                        type: "post", }
                    },                                                          
                    password : {
                        required: true,
                    },
                    conf_password : {
                        required: true,
                        equalTo: '#password',
                    },
                    email: {
                        required: true,
                        remote: { 
                        url: "check-email.php",
                        async: false,
                        type: "post", }
                    },

                },

                messages: {
                    username: {
                        required: "Username required",
                        remote: "Taken username.",
                    },                                          
                    password : {
                        required: "Password required",
                    },
                    conf_password : {
                        required: "Password required",
                        equalTo: "Password don't match",
                    },
                    email: {
                        required: "Email required",
                        remote: "Taken email.",
                    },                          

                }

            });

            if (form.valid() === true){
                if ($('#stepusername').is(":visible")){
                    current_fs = $('#stepusername');
                    next_fs = $('#stepemail');
                }else if($('#stepemail').is(":visible")){
                    current_fs = $('#stepemail');
                    next_fs = $('#stepsuccess');
                }

                next_fs.show(); 
                current_fs.hide();
            }

        });

    });
</script>

更新:

check-username.php

<?php
error_reporting(E_ERROR | E_PARSE);
try {
    $handler = new PDO('mysql:host=localhost;dbname=users', 'root', '');
    $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {  
     echo $e->getMessage(); 
     die(); 
}

$request = $_REQUEST['username'];
$query = $handler->query("SELECT * from usertable WHERE username='$request'");
$results = $query->fetch(PDO::FETCH_ASSOC);

if(empty($request)) {
    echo 'false' ;
}else {

if ($results == 0) {
$valid = 'true';
}
else {
$valid = 'false';
 }

echo $valid ;
}
?>

check-email.php

<?php
error_reporting(E_ERROR | E_PARSE);
try {
    $handler = new PDO('mysql:host=localhost;dbname=users', 'root', '');
    $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {  
     echo $e->getMessage(); 
     die(); 
}

$request = $_REQUEST['email'];
$query = $handler->query("SELECT * from usertable WHERE email='$request'");
$results = $query->fetch(PDO::FETCH_ASSOC);

if(empty($request)) {
    echo 'false' ;
}else {

if ($results == 0) {
$valid = 'true';
}
else {
$valid = 'false';
 }

echo $valid ;
}
?>

还有 jsFiddle 如果你想看的话:http://jsfiddle.net/noptpece/

Answer 1

$query = $handler->query("SELECT * from usertable WHERE username='$request'");

此行不查找，如果用户存在，其名称等于$request的内容，它会查找name“$request”的用户是否存在，与电子邮件相同。

PHP 中的字符串组合工作方式不同，您应该这样写

$query = $handler->query("SELECT * from usertable WHERE username=".$request);

此外，您永远不应该使用这样的 MySQL 查询，因为注入(inject) SQL 代码并破坏整个数据库是世界上最简单的事情。