我是PHP的新手,在尝试将mysqli调用转换为PDO预处理语句时继续遇到错误。数据库连接已设置为PDO。它的字面意思在3-4左右变化,但我不能这样做。
PHP代码:
//error_reporting(E_ALL);
//ini_set('display_errors', TRUE);
require 'vdb_includes/db.php';
require 'functions.php';
//Declaring variables as whitespace so nothing will be displayed below the form until submission.
$fe_firstName = " ";
$fe_lastName = " ";
$fe_email = " ";
$fe_emailconf = " ";
$fe_username = " ";
$fe_pw = " ";
$fe_pwconf = " ";
$fe_terms = " ";
$fe_usernameInvalid = " ";
$fe_emailInvalid = " ";
//Declaring verification variables to ensure duplicate users aren't created.
$verifyUsername = $_POST['username'];
$verifyEmail = $_POST['email'];
//Setting up array, if zero errors occur the array will stay empty.
$errors = array();
//The URL of the signup page.
//The full URL of the page the form was submitted from.
$current = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$referrer = $_SERVER['HTTP_REFERER'];
//Ensure form comes from VAL website.
if ( $referrer == $current ) {
if($_SERVER['REQUEST_METHOD'] == 'POST'){
/**
* Validate forms
* Match regex
* Ensure pass & email confirmations match
*/
if(0 === preg_match("/^[a-z\-]{2,20}$/i", $_POST['firstName'])){
$errors['e_firstName'] = "Your first name cannot be empty.";
$fe_firstName = "Your first name cannot be empty.";
}
if(0 === preg_match("/^[a-z\-]{2,20}$/i", $_POST['lastName'])){
$errors['e_lastName'] = "Your last name cannot be empty.";
$fe_lastName = "Your last name cannot be empty.";
}
if(0 === preg_match("/^[a-zA-Z0-9]+[a-zA-Z0-9_.-]+[a-zA-Z0-9_-]+@[a-zA-Z0-9]+[a-zA-Z0-9.-]+[a-zA-Z0-9]+.[a-z]{2,4}$/", $_POST['email'])){
$errors['e_email'] = "Please enter a valid E-Mail address.";
$fe_email = "Please enter a valid E-Mail address.";
}
if(0 !== strcmp($_POST['email'], $_POST['emailconf'])){
$errors['e_emailconf'] = "Please ensure your E-Mail addresses match.";
$fe_emailconf = "Please ensure your E-Mail addresses match.";
}
if(0 === preg_match("/^[a-z\d_]{3,20}$/i", $_POST['username'])){
$errors['e_username'] = "Please enter a valid username.";
$fe_username = "Please enter a valid username.";
}
if(0 === preg_match("/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,56}$/", $_POST['pw'])){
$errors['e_pw'] = "Please follow the password instructions. You must have at least one number, one lower-case, and one upper-case letter.";
$fe_pw = "Please follow the password instructions. You must have at least one number, one lower-case, and one upper-case letter.";
}
if(0 !== strcmp($_POST['pw'], $_POST['pwconf'])){
$errors['e_pwconf'] = "Please ensure your passwords match.";
$fe_pwconf = "Please ensure your passwords match.";
}
if(!isset($_POST['terms'])){
$errors['e_terms'] = "You must accept the Terms and Conditions.";
$fe_terms = "You must accept the Terms and Conditions.";
}
/**
* Check if username and email address already exist.
* If so, add error to validity array.
*/
$usernameCheck = mysqli_query($con, "SELECT * FROM users WHERE username='".$verifyUsername."'");
if($usernameCheck->num_rows){
$errors['e_usernameInvalid'] = "Username already exists.";
$fe_usernameInvalid = "Username already exists.";
}
$emailCheck = mysqli_query($con, "SELECT * FROM users WHERE email='".$verifyEmail."'");
if($emailCheck->num_rows){
$errors['e_emailInvalid'] = "Email already exists.";
$fe_emailInvalid = "Email already exists.";
}
//If no validation errors
if(0 === count($errors)){
//HASH & ready password
//
// Instantiate new instance of class
$hash_password = new Hash_Password();
// Hash the password
$hash = $hash_password->hash($password);
$send_pw = $hash;
//Autoset non-user-input values to 0
$send_wins = 0;
$send_losses = 0;
$send_played = 0;
$send_earnings = 0;
//Obtain time of form submission = Time registered.
$datum = new DateTime();
$send_regDate = $datum->format('Y-m-d H:i:s');
$send_lastLogin = $send_regDate;
$send_rolePermissions = 0;
//Insert query time.
$sql = "
INSERT INTO users (first_name, last_name, username, password, email, last_login, date_joined, wins, losses, played, earnings, permissions) VALUES
(:firstName,:lastName,:username,:pw,:email,'{$send_lastLogin}','{$send_regDate}','{$send_wins}','{$send_losses}','{$send_played}','{$send_earnings}','{$send_rolePermissions}')
";
$stmt = $con->prepare($sql);
/***
* Sanitize code
* Clean dangerous chars for DB
*/
$stmt->bindParam(':firstName, $_POST[firstName]');
$stmt->bindParam(':lastName, $_POST[lastName]');
$stmt->bindParam(':email, $_POST[email]');
$stmt->bindParam(':username, $_POST[username]');
$stmt->bindParam(':pw, $send_pw');
//Redirecting based on the connection result.
if(!$stmt->execute() ){
if (!headers_sent()) {
exit(header("Location: registration_fail.php"));
} else{
?>
<script> location.replace("registration_fail.php"); </script>
<?php
}
} else{
if (!headers_sent()) {
exit(header("Location: registration_success.php"));
} else{
?>
<script> location.replace("registration_success.php"); </script>
<?php
}
mysqli_close($con);
}
}
}
}
DP连接:
try{
$con = new PDO("mysql:host=$server;dbname=$database;", $db_username, $db_password);
} catch(PDOException $e){
die("Connection failed: " . $e->getMessage());
}
我完全清楚验证底部的用户名和电子邮件检查也需要转换,但是从代码中删除这些内容时,也会发生同样的错误。
错误在于语句的执行。它重定向到失败页面,但我不确定导致执行失败的原因是什么?
答案 0 :(得分:-2)
我宁愿使用mysqli来编写预备语句:
因此代码应如下:
await