PDO插入和执行

时间:2013-02-16 09:29:22

标签: php mysql pdo

为了序言,我的mysql知识非常有限,我决定尝试使用PDO,因为我听说它更安全。话虽如此,如果您在尝试帮助我时看到任何注射责任,请告诉我!无论如何,我遇到了如何处理PDO查询输出的问题,以及一般的执行......

我尝试做的第一件事是获取表单数据,并搜索数据库以查看是否有其他人使用相同的用户名或相同的电子邮件:

if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['password']) && !empty($_POST['password']) AND $_POST['password'] == $_POST['password2'] AND isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['year']) && !empty($_POST['year']) AND isset($_POST['termsandconditions']) && !empty($_POST['termsandconditions'])){
        $name = $_POST['name'];
            $password = $_POST['password'];
        $email = $_POST['email'];
        foreach ($_POST['year'] as $year);
        $termsandconditions = $_POST['termsandconditions'];

        $idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck");
        $idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20);
        $idqry->execute();

        $emailqry = $sql->prepare("SELECT id FROM users WHERE email = :idcheck");
        $emailqry->bindParam(':emailcheck', $email, PDO::PARAM_STR, 40);
        $emailqry->execute();

稍后,我尝试让PDO查询检查重复的用户名/电子邮件并创建不同的条件:

if(!eregi("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.(edu)$", $email)){
        // Return Error - Invalid Email
        $msg = 'The email you have entered is invalid, please try again.<br />*NOTE: You must use a .edu email to be able to register!';
    }elseif($idqry != FALSE){
        $msg = "That username has already been used, please try another one.";
    }elseif($emailqry != FALSE){
        $msg = 'That email has already been used, <a class=statusmsg href="../recovery/">need to recover your password?</a>.';
    }else{
        $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';
        $hash = md5(rand(0,1000));
        $hashedpass = password_hash($password, PASSWORD_BCRYPT);



        $sqlinsert = $sql->prepare("INSERT INTO users (username, password, email, hash, year, termsandconditions) VALUES (:username, :password, :email, :hash, :year, :termsandconditions)");
        $sqlinsert->execute(array(
                            ':username' => $name,
                            ':password' => $hashedpass,
                            ':email' => $email,
                            ':hash' => $hash,
                            ':year' => $year,
                            ':termsandconditions' => $termsandconditions));
    }
}

当我尝试测试时,我总是得到$ msg输出“该用户名已被使用,请尝试另一个。” (即使我输入了唯一的用户名)

你知道有什么不对吗? 另外,是否可以bindParam数据库INSERT? 谢谢!

2 个答案:

答案 0 :(得分:3)

我认为你要做的就是这个。 

$idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck");
$idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20);
$idqry->execute();
//This is how you get the number of rows returned
$rowCount = $idqry->rowCount();

if ($rowCount > 0){
echo 'user name taken';
}else{
echo 'user name available';
}

我相信你可以解决剩下的问题:)

答案 1 :(得分:0)

执行命令的返回值为TRUE或FALSE值,具体取决于查询是否成功,因此只要查询可以成功执行(表示存在表,选择有效,mysql有效),那么它就是真的。 (澄清:如果用户名不存在,则返回的结果为空集,但仍然是结果,因此查询成功。)

您应该检查是否没有返回任何结果,因为这确实说明用户名尚不存在:

$idqry->execute();
$count = $idqry->rowCount();

if ($count != 0) {
    // ERROR
}

如上所述,也可以使用rowCount()而不是像我最初使用的那样获取所有内容。这比获取所有数据更有效,即使您试图保证最多1个结果。

相关问题
最新问题