我想先用 mysqli_prepare 预处理语句执行一条 SELECT 查询,如果第一条语句的结果为真,就立即插入一条记录。我确实读了很多文章,大多数人都说在使用第二条语句之前必须先关闭第一条语句,但这样做仍然没有用。我猜可能是我关闭 stmt 的位置不对。 if ($exec === true)
总是为假。请帮忙。
感谢
<?php
require_once("dbcontroller.php");
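// Registration handler: validates the submitted form, rejects a username or
// e-mail that is already registered, then inserts the new USER_DETAILS row.
// $message ends up holding the HTML alert shown to the visitor.
$db_handle = new DBController();
$conn = $db_handle->connectDB();

if (isset($_POST['btn-register'])) {
    // Read both password fields as plain strings. A missing field or an array
    // value (password[]=x) is treated as an empty string instead of reaching md5().
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password']))
        ? $_POST['password']
        : '';
    $rawConfirm = (isset($_POST['confirmpassword']) && is_string($_POST['confirmpassword']))
        ? $_POST['confirmpassword']
        : '';

    /* Password Matching Validation */
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal and would pass as matching passwords.
    if ($rawPassword !== $rawConfirm) {
        $message = '<div class="alert alert-danger">Passwords should be same</div>';
    }

    /* Validation to check if Terms and Conditions are accepted */
    if (!isset($message) && !isset($_POST["terms"])) {
        $message = '<div class="alert alert-danger">Accept Terms and conditions before submit</div>';
    }

    if (!isset($message)) {
        /**
         * Normalises one form value before it is bound to a prepared statement.
         *
         * SQL injection is prevented by the bound parameters (prepare/bind_param)
         * used below, not by this function. The value must NOT also be passed
         * through mysqli_real_escape_string(): bound values are sent as data, so
         * the added backslashes would be stored literally in the table.
         *
         * @param mysqli $conn Unused; kept so existing calls keep working.
         * @param mixed  $str  Raw form value.
         * @return string Trimmed value, or '' when the input is not a string.
         */
        function clean($conn, $str)
        {
            $str = is_string($str) ? trim($str) : '';
            // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
            // in PHP 8.0; the version guard keeps the call from running there.
            if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
                $str = stripslashes($str);
            }
            return $str;
        }

        $firstName = clean($conn, isset($_POST['firstname']) ? $_POST['firstname'] : '');
        $lastName = clean($conn, isset($_POST['lastname']) ? $_POST['lastname'] : '');
        $mobile = clean($conn, isset($_POST['mobile']) ? $_POST['mobile'] : '');
        $username = clean($conn, isset($_POST['username']) ? $_POST['username'] : '');
        $email = clean($conn, isset($_POST['email']) ? $_POST['email'] : '');
        // NOTE(review): unsalted MD5 is not a password hash; stored values can be
        // brute-forced quickly if the table leaks. Move to password_hash() /
        // password_verify(). Kept here because the login code and the PASSWORD
        // column width are not visible and have to change together with it.
        $password = md5($rawPassword);
        $accountHolderName = clean($conn, isset($_POST['accountHolderName']) ? $_POST['accountHolderName'] : '');
        $bankName = clean($conn, isset($_POST['bankId']) ? $_POST['bankId'] : '');
        $accountNumber = clean($conn, isset($_POST['accountNumber']) ? $_POST['accountNumber'] : '');
        $branchName = clean($conn, isset($_POST['branchName']) ? $_POST['branchName'] : '');
        $branchCode = clean($conn, isset($_POST['branchCode']) ? $_POST['branchCode'] : '');
        $accountTypeId = clean($conn, isset($_POST['accountTypeId']) ? $_POST['accountTypeId'] : '');
        $accountactive = 'Y';

        // Duplicate check. Only the row count is needed, so no result variable
        // is bound: bind_result($username) followed by a fetch() that finds no
        // row can leave $username NULL, and that NULL was then bound to the INSERT.
        $num_of_rows = null; // null = the lookup itself failed
        $query = "select USERNAME from USER_DETAILS where USERNAME = ? or EMAIL_ADDRESS = ?";
        $stmt = $conn->prepare($query);
        if ($stmt === false) {
            // Details go to the server log only, never into the page.
            error_log('Registration: duplicate-check prepare failed: ' . $conn->error);
        } else {
            $stmt->bind_param("ss", $username, $email);
            if ($stmt->execute()) {
                $stmt->store_result();
                $num_of_rows = $stmt->num_rows;
            } else {
                error_log('Registration: duplicate-check execute failed: ' . $stmt->error);
            }
            $stmt->close();
        }

        if ($num_of_rows === null) {
            $message = '<div class="alert alert-danger">Problem in registration. Try Again!</div>';
        } elseif ($num_of_rows > 0) {
            // "> 0" rather than "== 1": the OR can match two rows, one by
            // username and another by e-mail.
            // The values come from the request, so they are HTML-escaped before
            // being placed in the page.
            $message = '<div class="alert alert-danger">The username name '
                . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')
                . ' or mail '
                . htmlspecialchars($email, ENT_QUOTES, 'UTF-8')
                . ' is already exist in our database</div>';
        } else {
            // NOTE(review): check-then-insert is not atomic; two simultaneous
            // requests can both pass the check. A UNIQUE index on USERNAME and
            // EMAIL_ADDRESS is the reliable guard - confirm the schema has one.
            $query = "insert into USER_DETAILS(FIRST_NAME,LAST_NAME,MOBILE_NUMBER,USERNAME,"
                . "EMAIL_ADDRESS,PASSWORD,ACCOUNT_HOLDER,BANK_NAME,ACCOUNT_NUMBER,BRANCH_NAME,"
                . "BRANCH_CODE,ACCOUNT_TYPE,IS_ACTIVE) values(?,?,?,?,?,?,?,?,?,?,?,?,?)";
            $stmt1 = $conn->prepare($query);
            if ($stmt1 === false) {
                error_log('Registration: insert prepare failed: ' . $conn->error);
                $message = '<div class="alert alert-danger">Problem in registration. Try Again!</div>';
            } else {
                // NOTE(review): the 9th type is "i", so $accountNumber is sent as
                // an integer; leading zeros are lost and non-numeric input becomes
                // 0. Confirm against the ACCOUNT_NUMBER column type.
                $stmt1->bind_param(
                    "ssssssssissss",
                    $firstName,
                    $lastName,
                    $mobile,
                    $username,
                    $email,
                    $password,
                    $accountHolderName,
                    $bankName,
                    $accountNumber,
                    $branchName,
                    $branchCode,
                    $accountTypeId,
                    $accountactive
                );
                $exec = $stmt1->execute();
                if ($exec === true) {
                    $message = '<div class="alert alert-success">You have registered successfully!</div>';
                } else {
                    // Record why the INSERT was rejected (constraint, type, column
                    // name) in the server log; the visitor sees a generic message.
                    error_log('Registration: insert execute failed: ' . $stmt1->error);
                    $message = '<div class="alert alert-danger">Problem in registration. Try Again!</div>';
                }
                $stmt1->close();
            }
        }
    }
}

$db_handle->closeDB($conn);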
?>