我正在尝试创建一个页面,允许用户留下书籍评论。我正在检查字段是否为空,用户表中是否存在用户名,书表中是否存在书籍ID。如果所有这些事情都过去了,那么我想将评论纳入评论表。
目前,当我填写表格并提交时,我没有任何输出,没有错误,只是一个空白屏幕。
以下是代码:
require_once __DIR__.'/config.php';
session_start();
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
$book = $_POST["book_id"];
$username = $_POST["user"];
$review = $_POST["review"];
$rating = $_POST["rating"];
if (empty($book) || empty($username) || empty($review) || empty($rating) ) {
$error = "Complete all fields";
}
if ($rating > 5 || $rating < 0) {
$error = "Please enter a rating between 1 and 5";
}
if (!isset($error)){
//no error
$stmt = $dbh->prepare("SELECT username FROM users WHERE username = :user");
$stmt->bindParam(':user', $username);
$stmt->execute();
} else {
$error = "user does not exsist";
}
if (!isset($error)){
//no error
$stmt = $dbh->prepare("SELECT b_id FROM users WHERE b_id = :book_id");
$stmt->bindParam(':book_id', $book);
$stmt->execute();
} else {
$error = "Book does not exsist, please enter another ID";
}
if (!isset($error)) {
$sql = 'INSERT INTO reviews (book_id ,username, review, rating) VALUES (:book_id,:user,:review,:rating)';
$query = $dbh->prepare($sql);
$query->execute(array(
':book_id' => $book,
':user' => $username,
':review' => $review,
':rating' => $rating
));
} else {
echo "error occured: ".$error;
exit();
}
我想要进行检查并在数据库中输入信息,有人可以告诉我该怎么做吗?
答案 0 :(得分:1)
尝试将此代码添加到脚本的最开头。如果无法连接到数据库,则会捕获错误并打印到控制台。
try {
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
答案 1 :(得分:1)
您的错误处理无法正常工作。我们来看一个例子:
if (!isset($error)){
//no error
$stmt = $dbh->prepare("SELECT username FROM users WHERE username = :user");
$stmt->bindParam(':user', $username);
$stmt->execute();
} else {
$error = "user does not exsist";
}
首先,使用带参数绑定的预准备语句+1!如果我正确地解释了代码,那么您想要这段代码的内容如下:
$username的用户是否存在$error变量设置为值"user does not exist",否则请保持$error未定义。您的代码实际上的内容如下:
if(!isset($error))),请选择名称为$username的用户并弃用结果else),则不检查用户是否存在,但无条件覆盖$error变量。 您需要做什么是评估查询结果以检查用户是否确实存在(请注意您当前正在执行SQL查询,但不以任何方式评估结果):
$stmt = $dhb->prepare("SELECT COUNT(1) FROM users WHERE username = :user");
$stmt->bindParam(':user', $username);
$stmt->execute();
$userCount = $stmt->fetchColumn();
if ($userCount == 0) {
$error = "User does not exist";
}
此外,您不会检查最终INSERT语句是否成功。这意味着如果最后一次SQL查询失败,您将不会得到任何类型的错误输出。
为PDO查询添加错误处理的最简单方法(imho)是通过设置错误模式来配置PDO以引发错误异常:
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
在这种情况下,每个PDO查询都会抛出一个SQL错误的异常,您可以在应用程序中捕获并处理该错误:
$sql = 'INSERT INTO reviews (book_id ,username, review, rating) VALUES (:book_id,:user,:review,:rating)';
$query = $dbh->prepare($sql);
try {
$query->execute(array(
':book_id' => $book,
':user' => $username,
':review' => $review,
':rating' => $rating
));
} catch (PDOException $e) {
// Process exception $e as you see fit.
}
答案 2 :(得分:1)
根据上一个查询的错误输出,似乎评论表没有username字段。
这也是合乎逻辑的 - 我认为它应该像user_id(作为PK关系)。
Query 1 Error output: Array ( [0] => 00000 [1] => [2] => )
Query 2 Error output: Array ( [0] => 00000 [1] => [2] => )
Query 3 Error output: Array ( [0] => 42S22 [1] => 1054 [2] => Unknown column 'username' in 'field list' )
查询:
$sql = 'INSERT INTO reviews (book_id ,username, review, rating) VALUES (:book_id,:user,:review,:rating)';
$query = $dbh->prepare($sql);
提到的错误是:
Unknown column 'username' in 'field list'