我对准备好的陈述有疑问 即时通讯试图阻止我的数据库中的SQL注入,所以我试图申请 准备好的陈述但我认为我有问题
这是 collector_db.php
<?php
require 'connection.php';
$username = $_POST["username"];
$password = $_POST["password"];
$repassword = $_POST["repassword"];
$email = $_POST["email"];
$surname = $_POST["surname"];
$fname = $_POST["fname"];
$mname = $_POST["mname"];
if($password == $repassword){
global $dbConnection;
$mysql_qry = $dbConnection->prepare("insert into account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
$mysql_qry- >bind_param('ssssss','$surname,$fname,$mname,$username,$password,$email');
$mysql_qry->execute();
if ($connect->query($mysql_qry)=== TRUE){
echo "<script language='javascript'>";
echo "alert('Registration Success');";
echo "window.close();";
echo "</script>";
$mysql_qry->close();
$conn->close();
}
else{
echo "REGISTRATION failed".$mysql_qry."<br>". $connect->error;
echo "<script language='javascript'>";
echo "alert('Registration Failed');";
echo "</script>";
}
}
elseif($password != $repassword){
echo 'Password doesnt Match';
}
elseif($username == "" || $password == "" || $email == "" || $surname == "" || $fname == "" || $mname == "" || $repassword == ""){
echo "<script language='javascript'>";
echo "alert('Some of the Textfields is null');";
echo "</script>";
}
else {
echo "<script language='javascript'>";
echo "alert('Error');";
echo "</script>";
}
?>
感谢您的帮助:)
答案 0 :(得分:0)
$mysql_qry-和>之间的空格以及if ($connect->query($mysql_qry)=== TRUE){和$connect两次执行查询未在您的代码中定义
只需执行一次
$mysql_qry = $dbConnection->prepare("insert into account_info(surname,firsname,middlename,username,pass,email) VALUES (?,?,?,?,?,?);");
$mysql_qry->bind_param('ssssss', $surname,$fname,$mname,$username,$password,$email);// remove quotes form here
if ($mysql_qry->execute()) {
echo "<script language='javascript'>";
echo "alert('Registration Success');";
echo "window.close();";
echo "</script>";
$mysql_qry->close();
}
删除此部分if ($connect->query($mysql_qry)=== TRUE){...