Question

我有一个表单要求用户验证他们的电子邮件地址，该链接将作为

发送给用户

http://app.myurl.org/h/activate.php?email=useremail%40gmail.com&key=80fddb7fa21dd2e2639ae5ec82b9d511&api=8a2d01d7411ec2488307744ddf070a4d

将用户定向到激活页面。

我正在尝试从网址获取email，key和api。然后我尝试更新用户表和名册表。

Rosters表列更新为Activation 要更新的用户表列为groups 它们都在整个网站中将MD5随机散列的唯一值作为API KEY传递。一切都很顺利，而不是查询。

我出错的任何想法？

    <?php
include ('dbcon.php');
if (isset($_GET['email']) && preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/',
     $_GET['email'])) {
     $email = $_GET['email'];
    }
    if (isset($_GET['key']) && (strlen($_GET['key']) == 32))
     //The Activation key will always be 32 since it is MD5 Hash
     {
     $key = $_GET['key'];
    }
    if (isset($_GET['api']) && (strlen($_GET['api']) == 32))
     //The API key will always be 32 since it is MD5 Hash
     {
     $API = $_GET['api'];
    }
    if (isset($email) && isset($key)) {

     // Update the database to set the "activation" field to null

     $query_activate_account = "BEGIN TRANSACTION; 
                                UPDATE table_roster SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1;
                                UPDATE table_users SET groups=[99] WHERE(pinAPP_API ='$API') LIMIT 1;
                                COMMIT";
     $result_activate_account = mysqli_query($dbc, $query_activate_account);

     // Print a customized message:
     if (mysqli_affected_rows($dbc) == 1) //if update query was successful
     {
     echo '<div>You may now proceed.</div>';

     } else {
     echo '<div>Oops !You could not be validated. Please recheck the link or contact your hiring manager.</div>';

     }

     mysqli_close($dbc);

    } else {
     echo '<div>An Error Occurred.</div>';
    }
    ?>

我做了一些关于用一个事务更新两个表的搜索，建议使用BEGIN TRANSACTION; UPDATE... UPDATE... COMMIT;但是我收到了失败，我的预定义错误消息是An Error Occurred

Answer 1

您必须使用mysqli_multi_query代替mysqli_query。

此外，您必须启动事务并使用单独的查询提交或回滚它。

mysqli_query($dbc, "START TRANSACTION");

$result_activate_account = mysqli_multi_query(
    $dbc,
    "UPDATE table_roster SET Activation=NULL WHERE (email ='$email' AND Activation='$key') LIMIT 1;
     UPDATE table_users SET groups=[99] WHERE (pinAPP_API ='$API') LIMIT 1;"
);

if ($result_activate_account !== false) {
    mysqli_query($dbc, "COMMIT");

    echo '<div>You may now proceed.</div>';
} else {        
    mysqli_query($dbc, "ROLLBACK");

    echo '<div>Oops !You could not be validated. Please recheck the link or contact your hiring manager.</div>';
}

Answer 2

您不应该一次使用多个查询。 mysqli为事务提供函数，它们仅适用于MySQL 5.6及更高版本：

 mysqli_begin_transaction($dbc);
 mysqli_query($dbc, "UPDATE table_roster SET Activation=NULL WHERE(email ='$email' AND Activation='$key')LIMIT 1");
 mysqli_query($dbc, "UPDATE table_users SET groups=[99] WHERE(pinAPP_API ='$API') LIMIT 1");
 mysqli_commit($dbc);

另外，请查看预准备语句并绑定这些值，而不是直接使用它们。

SQL - 事务更新2表

2 个答案: