PDO Insert不使用bindParam

时间:2016-07-21 15:28:16

标签: php pdo

我目前正在使用PDO连接到我的数据库并且它可以工作,但是当用户登录时,我希望它检查用户的id是否已经连续,我已经在代码如下:

<?php
require 'steamauth/steamauth.php';

if(!isset($_SESSION['steamid'])) {

$username = "Unknown";
$avatar = "defaultUser";
$accid = "Unknown";

$credits = "Not Applicable";

$avatarSmall = "smallUser"; //For Dashboard

} else {

include ('steamauth/userInfo.php');

$username = &$steamprofile['personaname'];
$avatar = &$steamprofile['avatarmedium'];
$accid = &$steamprofile['steamid'];

$avatarSmall = &$steamprofile['avatar']; //For Dashboard

$db_user = "USERNAME";
$db_pass = "PASSWORD";
$db_host = "HOST";
$db_name = "DATABASE NAME";

$db = new PDO("mysql:host=".$db_host.";db_name=".db_name, $db_user, $db_pass);

    try{
        $check = $db->prepare("SELECT userID from userData WHERE userID = :accountID");
        $check->bindParam(':accountID', $accid, PDO::PARAM_INT);
        $check->execute();
        if(!$check){
            die("Server Error: 404Check, Please Contact A Member Of Staff If This Error Continues.");
        }else{
            if($check->rowCount() > 0) {
                $creditsQuery = $db->prepare("SELECT userCredits FROM userData WHERE userID = :accountID3");
                $creditsQuery->bindParam(":accountID3", $accid, PDO::PARAM_INT);
                $creditsQuery->execute();
                //Set Credits To Variable From Database Column
                $credits = $creditsQuery->fetch(PDO::FETCH_ASSOC);
            }else{
                $sql = $db->prepare("INSERT INTO userData (userID, userCredits) VALUES (:accountID2, '0')");
                $sql->bindParam(':accountID2', $accid, PDO::PARAM_INT);
                $sql->execute();
                if(!$sql){
                    die('Server Error: 404Insert, Please Contact A Member Of Staff If This Error Continues.');
                }
            }   
        }
    }catch(PDOException $e){
        die ("Server Error: 404Connection, Please Contact A Member Of Staff If This Error Continues.");
    }
}       

?>

虽然,当我登录时,它似乎不会将用户的ID或信用存储为0,并且表(userData)为空。

谢谢,

马特

1 个答案:

答案 0 :(得分:1)

这是错误的:

$update_user = "UPDATE members SET year='" . $value1 . "', astatus='" . $value2 . "', address='" . $value3 . "', phone='" . $value4 . "', email='" . $value5 . "', pass='" . $newpass . "' WHERE user = '" . $user . "'";
如果执行失败,

$check->execute(); if(!$check){ ^^^^^^^ 不会神奇地变为布尔值true / false。它始终是一个准备好的语句对象,因此总是评估为$check

您没有在PDO中启用例外,因此它以默认的“失败时返回错误”模式运行,这意味着您的代码应为:

true

这也适用于您的其他准备/执行块 - 您的脚本在进入插入查询之前就会自行查找,因为您对数据库故障的测试是错误的。

相关问题
最新问题