使用PDO检查数据重复项

时间:2015-04-16 06:45:10

标签: php mysql database pdo verification

我已经看过其他问题,但他们不会为我工作。

我想使用值steamid检查用户是否已登录。如果他们有,则显示他们的信息,如果他们没有,则在数据库中创建一个新帐户。这就是我现在所拥有的:

$dbh = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);

if($dbh){
echo "Connected successfully";
}
include ('steamauth/userInfo.php');
$stmt = $dbh->prepare("SELECT steam_id FROM user WHERE steam_id = :steam_id");
$stmt->bindParam(':steam_id', $steamprofile['steamid']);
$stmt->execute();

if($stmt->rowCount() > 0){
    echo "User already exists!";
}else{

    $sql = "INSERT INTO user (display_name, user_url, steam_id, profil_image) 
    VALUES ('$steamprofile[personaname]', '$steamprofile[profileurl]', $steamprofile[steamid]), '$steamprofile[avatar]'";

    /*
    if ($dbh->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $dbh->error;
}
*/
}

截至此代码,唯一的回报是&#34;成功连接&#34;。没有新数据添加到(空)用户数据库。

如果我取消注释最后一个块,我得到输出:

  

&#34;注意:未定义的属性:PDO :: $ error in   第48行的F:\ Bitnami \ htdocs \ Dreamweaver \ freehtml5streets \ index.php   错误:INSERT INTO用户(display_name,user_url,steam_id,   profil_image)VALUES(//登录的相应值列表   用户)。

2 个答案:

答案 0 :(得分:2)

您收到错误&#34;未定义属性&#34;因为&#34;错误&#34;未定义为$ dbh的属性。你可能意味着&#34; errorInfo&#34;见here

顺便说一句,使用原始输入构建SQL语句会让您完全容易受到SQL注入攻击。

答案 1 :(得分:2)

错误异常是因为pdo错误异常返回getMessage,getCode和getFile的数组,请参阅下面的示例及其实现示例。

public function __construct() {
        try {
            $this->mssql = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        } catch (PDOException $e) {
            throw new CHttpException(404, 'Connection Error, Contact admin for assistance ' . $e);
/** You can access the error messages using $e->getMessage() for the exception error message. $->getCode() for the error code;  $e->getFile(); return the file path  **/
        }
    }

//From the exerpt of your code try this 
include ('steamauth/userInfo.php');
        if (!empty($steamprofile['steamid'])) {
            $stmt = $dbh->prepare("SELECT count(*) from user WHERE steam_id = :steam_id");
            $stmt->bindValue(':steam_id', $steamprofile['steamid']);
            $stmt->execute();
            $count = $stmt->fetchColumn();
        }
//Row will return false if there was no value
        if ($count == 0) {
            //insert new data
            $sql = "INSERT INTO user (display_name, user_url, steam_id, profil_image)
    VALUES ('$steamprofile[personaname]', '$steamprofile[profileurl]', $steamprofile[steamid]), '$steamprofile[avatar]'";
        } else {
            //User exist
        }
相关问题
最新问题