Question

这是我的Web服务器上托管的php文件，它连接到SQL数据库。创建帐户功能可以正常工作，但是一旦输入值，我就会遇到从表中获取值的问题。仅仅为了更多上下文我在游戏制作者中使用http_get()功能：http://docs.yoyogames.com/source/dadiospice/002_reference/asynchronous%20functions/http_get.html

我的SQL表有4列：
    P-ID - 自动递增主键
    USER - 用户名值
    通过 - 加密密码值
    SaveString - 最重要的值是我尝试从我创建的游戏中访问的字符串。这个系统有点工作，但我决定将它改为PDO和PHP新手

<?php


    $mysql_server = "server";
    $mysql_username = "username";
    $mysql_password = "password";
    $mysql_database = "database";
    $mysql_table = "table"; 


    try{
        $conn = new PDO("mysql:host=$mysql_server;dbname=$mysql_database", $mysql_username, $mysql_password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch(PDOException $e){
        echo "Couldn't connect to database";
    }

    $f = $_GET['f']; //function operator
    $puser = $_GET['puser'];
    $pword = $_GET['pword'];
    $pss =  $_GET['pss'];



    $salt = "supersecretsalt"; // Super secret encoder
    $epword = crypt($pword,$salt);


    function create_account($conn, $mysql_table, $puser, $epword, $pss) 
    {
        try{
            $sql = "INSERT INTO $mysql_table (USER, PASS, SaveString) VALUES('$puser','$epword','$pss') ";
            $conn->exec($sql);
        } catch (PDOException $e){
            echo "exception connecting to server";
        }
        $conn = null;
    }
    // This function will save information to an existing account
    function save_info($conn, $mysql_table, $puser, $pword, $pss)
    {   
        try{
            $sql = "UPDATE $mysql_table SET SaveString = $pss  WHERE USER = '$puser'";
            $conn->exec($sql);
        } catch (PDOException $e){
            echo "Save didn't work";
        }
        $conn = null;
    }
    // This function will pull account information
    function load_info($conn, $mysql_table, $puser, $epword)
    {
        try{
            $statement = $conn->prepare("SELECT * FROM $mysql_table WHERE USER = '$puser' AND PASS = '$epword'");
            $statement->execute();
            $row = $statement->fetch();
            echo $row['SaveString'];
        } catch(PDOException $e){
            echo "0";
        }
        $conn = null;
    }


    // This determines which function to call based on the $f parameter passed in the URL.
    switch($f)
    {
        case na: create_account($conn, $mysql_table, $puser, $epword, $pss); break;
        case sv: save_info($conn, $mysql_table, $puser, $epword, $pss); break;
        case ld: load_info($conn, $mysql_table, $puser, $epword); break;
    break;
            default: echo"error";
    }

    ?>

Answer 1

switch语句的情况应该是引号，因为它们是字符串。您上一次break还有额外的case。试一试，

switch($f) {
     case 'na': 
          create_account($conn, $mysql_table, $puser, $epword, $pss); 
     break;
     case 'sv': 
          save_info($conn, $mysql_table, $puser, $epword, $pss); 
     break;
     case 'ld': 
          load_info($conn, $mysql_table, $puser, $epword); 
     break;
     default: 
          echo "error";
}

$f的情况也很重要，如果NA仍然会失败。为了确保它始终是小写的，您可以使用strtolower，http://php.net/strtolower，就像这个switch(strtolower($f)) {一样。您也可以选择多种情况，但这似乎是一种浪费，例如，

case 'na': 
case 'NA':

虽然nA和Na仍然没有考虑到这种方法。

使用PHP和PDO连接SQL的正确方法

1 个答案: