【问题标题】:Information not being entered into mysql database using PDO未使用 PDO 将信息输入 mysql 数据库
【发布时间】:2015-04-23 03:21:40
【问题描述】:

我有一个注册页面,用户可以在其中输入他们的姓名和电子邮件,然后会向他们发送一封激活电子邮件。这是有效的,但我被告知我需要使用 pdo 以使其更安全。现在,当我单击提交时,它会毫无错误地运行所有内容,但不会将用户添加到数据库中。这是我的代码:

<?
session_start();

include 'db.php';
$dbh = new PDO("mysql:host=$dbhost;dbname=$database_name", $dbusername, $dbpasswd);


// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$username = $_POST['username'];
$email_address = $_POST['email_address'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
$hash = password_hash($password, PASSWORD_DEFAULT);


/* Let's strip some slashes in case the user entered
any escaped characters. */

$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$username = stripslashes($username);
$email_address = stripslashes($email_address);



if((!$username) || (!$email_address)){
    echo 'You did not submit the following required information! <br />';
    if(!$username){
        echo "Username is a required field. Please enter it below.<br />";
    }
    if(!$email_address){
        echo "Email Address is a required field. Please enter it below.<br />";
    }
    include 'register.html'; // Show the form again!
    /* End the error checking and if everything is ok, we'll move on to
     creating the user account */
    exit();  //if the error checking has failed, we'll exit the script!
}


 if ( $password <> $confirm_password ){
    echo "<br /><strong><div style=color:#FF0000;><center>Password and confirm password do not match!<BR></center></div></strong>";
    include 'register.html';
    exit(); 
}


/* Let's do some checking and ensure that the user's email address or username
 does not exist in the database */

 $sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
 $sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");

 $email_check = mysql_num_rows($sql_email_check);
 $username_check = mysql_num_rows($sql_username_check);

 if(($email_check > 0) || ($username_check > 0)){
    echo "<br /><div style=color:#FF0000;><center>Please fix the following errors: </div><br /><br />";
    if($email_check > 0){
        echo "<strong><div style=color:#FF0000;><center>Your email address has already been used by another member in our database. Please submit a different Email address!</div><br />";
        unset($email_address);
    }
    if($username_check > 0){
        echo "<strong><div style=color:#FF0000;><center>The username you have selected has already been used by another member in our database. Please choose a different Username!</div><br />";
        unset($username);
    }
    include 'register.html'; // Show the form again!
    exit();  // exit the script so that we do not create this account!
 }

/* Everything has passed both error checks that we have done.
It's time to create the account! */

$stmt = $dbh->prepare("insert into users set first_name=?, last_name=?, username=?, email_address=?, password=?");
$stmt->execute([$first_name, $lastname, $username, $email_address, $hash]);

if(!$stmt){
    echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
    $userid = mysql_insert_id();
    // Let's mail the user!

【问题讨论】:

  • 你试过调试你的代码吗?你怎么知道你连接到数据库没有问题?
  • 使用 PDO 本身并不能使您的代码更安全。使用准备好的语句(mysql_*() 不支持)有所帮助。无论如何,您在这里拥有的是 mysql_*() 和 PDO 调用的混合体。可能,没有任何工作。
  • @HoboSapiens 所以我需要重写我所有的 mysql_queries 以使其正常工作。你说的对吗?
  • 这就是他的意思...阅读PDO (php.net/manual/en/book.pdo.php) 的文档,修改您的代码,如果仍然卡住,请返回这里。
  • 等等,你有$dbh = new PDO(...,但使用的是mysql_query() -> $sql_email_check = mysql_query("SELECT.../$sql_username_check = mysql_query("SELECT...?

标签: php mysql registration


【解决方案1】:

要使用 PDO(不是 mysql_insert_id())获取最后插入的 ID,您可以这样做:

$userid = $dbh->lastInsertId();
// Let's mail the user!

要将其余的 mysql_* 查询转换为 PDO,您可能需要执行以下操作:

$sql_email_check = $dbh->prepare("SELECT email_address FROM users WHERE email_address = :email");
$sql_email_check->execute([':email' => $email_address]);
$email_check = $sql_email_check->rowCount();

$sql_username_check = $dbh->prepare("SELECT username FROM users WHERE username = :username");
$sql_username_check->execute([':username' => $username]);
$username_check = $sql_username_check->rowCount();

if (($email_check > 0) || ($username_check > 0)) {
    // ...
}

【讨论】:

  • 哇,谢谢!我刚到家,我要看看这个。非常感谢您花时间输入所有这些内容
  • 我不怀疑这是正确的代码。但是,我仍然遇到同样的问题。你能告诉我如何开始排除故障以确保我连接到数据库吗?
  • 听起来你需要做一些调试。你有error_reporting()ini_set('display_errors', 1); 设置吗?您是否收到任何 PHP 错误,是否看到空白屏幕(语法错误)?你检查过数据库错误like this
  • 因此,当我尝试使用已注册的电子邮件地址注册时,我正在连接到 db find bc,但我确实收到该电子邮件地址已存在帐户的错误。 . . .
  • 如果你var_dump()执行语句会得到什么?
猜你喜欢
  • 1970-01-01
  • 2014-04-17
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2018-08-01
相关资源
最近更新 更多