您好我已经检查了其他对此问题的回复但由于某种原因我无法解决问题。这是我正在尝试创建的注册用户系统,但我不断收到致命错误:致电会员函数prepare()在非对象中....这里是..
> <?php
include ("topbar.php");
if ($_SESSION['user']['nivel_permissoes'] == 1)
$idregistadopor=$_SESSION['user']['id_login'];
echo "<div id='topbar'>
<a href='javascript:history.go(-1)'>Voltar</a>
</div>";
if(!empty($_POST))
{
// Ensure that the user has entered a non-empty utilizador
if(empty($_POST['utilizador']))
{
// Note that die() is generally a terrible way of handling user errors
// like this. It is much better to display the error with the form
// and allow the user to correct their mistake. However, that is an
// exercise for you to implement yourself.
die("<br/><br/><br /> <h2>Por favor entre um nome de utilizador</h2>");
}
// Ensure that the user has entered a non-empty password
if(empty($_POST['password']))
{
die("<br/><br/><br /> <h2>Por favor digite uma password</h2>.");
}
// Make sure the user entered a valid E-Mail address
// filter_var is a useful PHP function for validating form input, see:
// http://us.php.net/manual/en/function.filter-var.php
// http://us.php.net/manual/en/filter.filters.php
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
die("<br/><br/><br /> <h2>E-mail inválido</h2>");
}
// We will use this SQL query to see whether the utilizador entered by the
// user is already in use. A SELECT query is used to retrieve data from the database.
// :utilizador is a special token, we will substitute a real value in its place when
// we execute the query.
$query = "
SELECT
1
FROM login
WHERE
utilizador = :utilizador
";
// This contains the definitions for any special tokens that we place in
// our SQL query. In this case, we are defining a value for the token
// :utilizador. It is possible to insert $_POST['utilizador'] directly into
// your $query string; however doing so is very insecure and opens your
// code up to SQL injection exploits. Using tokens prevents this.
// For more information on SQL injections, see Wikipedia:
// http://en.wikipedia.org/wiki/SQL_Injection
$query_params = array(
':utilizador' => $_POST['utilizador']
);
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// The fetch() method returns an array representing the "next" row from
// the selected results, or false if there are no more rows to fetch.
$row = $stmt->fetch();
// If a row was returned, then we know a matching utilizador was found in
// the database already and we should not allow the user to continue.
if($row)
{
die("<br/><br/><br /> <h2>Este utilizador já existe !</h2> ");
}
// Now we perform the same type of check for the email address, in order
// to ensure that it is unique.
$query = "
SELECT
1
FROM login
WHERE
email = :email
";
$query_params = array(
':email' => $_POST['email']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
die("<br/><br/><br /> <h2>Este e-mail já existe!</h2>");
}
// An INSERT query is used to add new rows to a database table.
// Again, we are using special tokens (technically called parameters) to
// protect against SQL injection attacks.
$query = "
INSERT INTO login (
nomeuser,
utilizador,
password,
salt,
email,
sector,
nivel_permissoes,
data_registo,
contacto,
registado_por
) VALUES (
:nomeuser,
:utilizador,
:password,
:salt,
:email,
:sector,
:nivelacesso,
:data_registo,
:contacto,
:registado_por
)
";
// A salt is randomly generated here to protect again brute force attacks
// and rainbow table attacks. The following statement generates a hex
// representation of an 8 byte salt. Representing this in hex provides
// no additional security, but makes it easier for humans to read.
// For more information:
// http://en.wikipedia.org/wiki/Salt_%28cryptography%29
// http://en.wikipedia.org/wiki/Brute-force_attack
// http://en.wikipedia.org/wiki/Rainbow_table
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
// This hashes the password with the salt so that it can be stored securely
// in your database. The output of this next statement is a 64 byte hex
// string representing the 32 byte sha256 hash of the password. The original
// password cannot be recovered from the hash. For more information:
// http://en.wikipedia.org/wiki/Cryptographic_hash_function
$password = hash('sha256', $_POST['password'] . $salt);
// Next we hash the hash value 65536 more times. The purpose of this is to
// protect against brute force attacks. Now an attacker must compute the hash 65537
// times for each guess they make against a password, whereas if the password
// were hashed only once the attacker would have been able to make 65537 different
// guesses in the same amount of time instead of only one.
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
// Here we prepare our tokens for insertion into the SQL query. We do not
// store the original password; only the hashed version of it. We do store
// the salt (in its plaintext form; this is not a security risk).
$dateToday = date("m/d/y");
$query_params = array(
':nomeuser' => $_POST['nomeuser'],
':utilizador' => $_POST['utilizador'],
':password' => $password,
':salt' => $salt,
':email' => $_POST['email'],
':sector' => $_POST['sector'],
':nivelacesso' => $_POST['nivelacesso'],
':contacto' => $_POST['contacto'],
':data_registo' =>$dateToday,
':registado_por' =>$idregistadopor,
);
try
{
// Execute the query to create the user
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// This redirects the user back to the login page after they register
header("Location: topbar.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to login.php");
}
?>
答案 0 :(得分:3)
您必须从PDO class:
$db = new PDO($dns, $username, $password, $options);
之后,您可以访问$db->prepare('YOUR_QUERY_STRING');
答案 1 :(得分:2)
这是因为您在使用prepare功能的页面中没有建立任何数据库连接。
因此,您需要首先使用变量$db在此页面上建立连接,因为您正在使用它来调用prepare函数。
如果您正在使用PDO,请使用此命令建立连接:
$db = new PDO("mysql:host=localhost;dbname=database_name;","username","password");