PHP脚本没有插入到pg数据库中

时间:2013-07-13 19:42:25

标签: php postgresql

我正在使用以下数据库编写基本的PHP注册脚本:

DROP TABLE IF EXISTS authentication;
CREATE TABLE authentication (
    userID SERIAL UNIQUE REFERENCES users(userID),
    eMail TEXT PRIMARY KEY REFERENCES users(eMail),
    passwordSalt TEXT,
    hashedSalt TEXT,
    saltText TEXT,
    securityAnswer1 TEXT,
    securityAnswer2 TEXT, 
    securityAnswer3 TEXT
);

以及以下注册脚本:

<?php
  include 'https.php';

  //Create a connection to the database. If the connection fails, kill the
  //process and issue an error message
  $conn = pg_connect("host=localhost user=myusername password=mypassword dbname=mydatabase");
  if (!$conn) {
    die("Failed to connect to database.");
  }

  //If the register button is pressed..
  if (isset($_POST['submit'])) {
    //Check to make sure password+confirmation match. If not, error out.
    if ($_POST['password'] != $_POST['confirm-password']) {
      echo 'ERROR: passwords do not match<br />';
      echo 'Return to <a href="registration.php">registration</a> page.<br />';
      break;
    }

    //Then check to make sure the username doesn't already exist in the DB.
    $result = pg_prepare($conn, "duplicateUser", 'SELECT username FROM mydatabase.users WHERE username = $1');
    $result = pg_execute($conn, "duplicateUser", array($_POST['username']));
    $row = pg_fetch_assoc($result);

    //If it already exists, set match to true.
    foreach ($row as $res) {
      if ($res == $_POST['username'])
        $match = true;
    }

    //If match is true, error out.
    if ($match == true) {
      echo 'ERROR: username already in use<br />';
      echo 'Return to <a href="registration.php">registration</a> page.<br />';
      $match = false;
      break;
    }
  }
?>

<html>
<head>
<title>Registration page</title>
</head>
<body>
<form method='POST' action='registration.php'>
Username (e-mail): <input type='text' name='username' /><br />
Password: <input type='password' name='password' /><br />
Confirm password: <input type='password' name='confirm-password' /><br />
<input type='submit' name='submit' value='Register' /><br />
</form>
Return to <a href='index.php'>login</a> page.<br />

</body>
</html>

<?php

  //If the registration button is pressed..
  if (isset($_POST['submit'])) {
    //Take the username and password, salt the password using an SHA1
    //encryption of a random number, concatenate the password to the
    //beginning of the salt, then save the SHA1 of that concatenation
    //as the hashed and salted password.
    $username = $_POST['username'];
    $confirmusername = $_POST['confirm-username'];
    $password = $_POST['password'];
    $confirmpassword = $_POST['confirm-password'];
    if ($username != $confirmusername)
        echo "Please make sure your username is consistent.";
    if ($password != $confirmpassword)
        echo "Please make sure your passwords match.";

    $salt = sha1(rand());
    $saltedPass = $password.$salt;
    $hashedSalt = sha1($saltedPass);

    //Store the username, hashed+salted password, and salt in the
    //authentication table.
    $result = pg_prepare($conn, "authentication", 'INSERT INTO mydatabase.authentication VALUES ($1, $2, $3)');
    $result = pg_execute($conn, "authentication", array($username, $salt, $hashedSalt));

    //Start the session, set the $_SESSION variables loggedin to true and
    //username to the supplied username, then redirect to index.php
    session_start();
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $username;
    header("Location: index.php");
  }
?>

但是当我使用PHPpgAdmin时,行还没有插入到数据库中。有什么想法吗?

感谢。

2 个答案:

答案 0 :(得分:1)

首先想到的是你需要显式提交事务。 This answer似乎证实Postgres没有自动提交。

答案 1 :(得分:1)

代码应测试pg_preparepg_execute的结果,并在出错时显示或记录pg_last_error()。否则你在任何问题上都处于黑暗中。

此外,由于它连接到名为mydatabase的数据库并将表引用为mydatabase.tablename,因此可以合理地怀疑您是否正在应用此MySQL将数据库名称添加到表名称之前。它不适用于Postgres。 MySQL的数据库相当于PostgreSQL中的模式。

因此,除非您已明确创建名为mydatabase的postgres架构,否则请尝试不带任何前缀:

INSERT INTO authentication VALUES ($1, $2, $3)

这也适用于之前可能因同样原因失败的SELECT,并且它也没有错误检查。