Stuck参数号无效:绑定变量数与令牌数

时间:2016-01-11 15:43:10

标签: php mysql pdo

我已经坚持了很长一段时间,我似乎无法找到符合我情况的另一个答案。

在我的用户类中:

public function register($uFirstName,$uLastName,$uCompany,$uEmail,$uPassword,$uAccess)
{
        try
        {
            $newPassword = password_hash($uPassword, PASSWORD_DEFAULT);

            $stmt = $this->db->prepare("INSERT INTO users(FirstName,LastName,Company,Email,Password,Access) VALUES (:uFirstName,uLastName,uCompany,uEmail,uPassword,uAccess)");

            $stmt->bindparam("uFirstName", $uFirstName);
            $stmt->bindparam("uLastName", $uLastName);
            $stmt->bindparam("uCompany", $uCompany);
            $stmt->bindparam("uEmail", $uEmail);
            $stmt->bindparam("uPassword", $uPassword);
            $stmt->bindparam("uAccess", $uAccess);

            $stmt->execute();

            return $stmt;
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
}

在我的表单页面中:

if(isset($_POST['btn-signup']))
{
    $uFirstName = trim($_POST['regFirstName']);
    $uLastName = trim($_POST['regLastName']);
    $uCompany = trim($_POST['regCompany']);
    $uEmail = trim($_POST['regEmail']);
    $uEmailVerify = trim($_POST['regEmailVerify']);
    $uPassword = trim($_POST['regPassword']);
    $uAccess = 0;

    if ($uEmail != $uEmailVerify) {
        $error = "Emails Don't Match";
    }
    else if (!filter_var($uEmail, FILTER_VALIDATE_EMAIL)) {
        $error = "Please Enter a Valid Email";
    }
    else if (strlen($uPassword) < 6) {
        $error = "Password must be at least 6 characters";
    }
    else {
        try
        {
            $stmt = $DB_con->prepare("SELECT Email FROM users WHERE Email=:uEmail");
            $stmt->execute(array(':uEmail' => $uEmail));

            $row = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($row['Email'] == $uEmail) {
                $error = "Email is Already Registered, Log In Instead";
            }
            else {
                if ($user->register($uFirstName,$uLastName,$uCompany,$uEmail,$uPassword,$uAccess)) {
                    $user->redirect('http://facebook.com');
                }
            }
        }
        catch (PDOException $e)
        {
            echo $e->getMessage();
        }
    }
}

1 个答案:

答案 0 :(得分:4)

这里看看你的价值

VALUES (:uFirstName,uLastName,uCompany,uEmail,uPassword,uAccess)

你只绑定了第一个而不是其他人。

修改

我发现您没有在第二段代码中使用password_verify(),而只检查电子邮件是否存在。

如果您有任何问题,请访问ircmaxell的答案https://stackoverflow.com/a/29778421/1415724

从答案中拉出来:

登录时:

$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
    if (password_verify($_POST['password'], $users[0]->password) {
        // valid login
    } else {
        // invalid password
    }
} else {
    // invalid username
}
相关问题
最新问题