使用INT更新db表

时间:2017-02-14 12:30:11

标签: php mysql prepared-statement

好的,我无法解决这个问题。

我希望登录用户使用金额(INT)更新行,我不断获取无效参数错误以及对非对象调用成员函数execute()。

这是应该更新数据库的php和html

<?php
ini_set("log_errors", 1);
ini_set("error_log", "/tmp/php-error.log");
session_start();
require_once 'class.user.php';
$user_home = new USER();

if(!$user_home->is_logged_in())
{
    $user_home->redirect('index.php');
}

$stmt = $user_home->runQuery("SELECT * FROM tbl_client_info WHERE UCODE=:uid");
$stmt->execute(array(":uid"=>$_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

    if($stmt->rowCount() == 1)
    {
        if(isset($_POST['btn-update-data']))
        {
            $purchasedata = $_POST['purchasedata']; 
            $cpurchasedata = $_POST['cpurchasedata'];


            if($cpurchasedata!==$purchasedata)
            {
                $msg = "<div class='alert alert-block'>
                        <button class='close' data-dismiss='alert'>&times;</button>
                        <strong>Sorry!</strong>  Input Does Not Match. Make sure the details match. 
                        </div>";
            }
            else
            {

                $stmt = $user_home->register("INSERT INTO tbl_client_info (purchasedata) VALUES (?)");
                $stmt->execute(array(":purchasedata"=>$purchasedata));

                //

                $msg = "<div class='alert alert-success'>
                        <button class='close' data-dismiss='alert'>&times;</button>
                        Okay, we have added data to your account.
                        </div>";
            }
        }   
    }
    else
    {
        $msg = "<div class='alert alert-success'>
                <button class='close' data-dismiss='alert'>&times;</button>
                No Sorry That Did Not Work, Try again
                </div>";

    }

?>

<!DOCTYPE html>
<html>
  <head>
    <title>Forgot Password</title>
    <!-- Bootstrap -->
    <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
    <link href="bootstrap/css/bootstrap.css" rel="stylesheet" media="screen">
    <link href="bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
    <link href="assets/styles.css" rel="stylesheet" media="screen">

    <link href="css/bootstrap.min.css" rel="stylesheet">

    <link href="fonts/css/font-awesome.min.css" rel="stylesheet">
    <link href="css/animate.min.css" rel="stylesheet">
     <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
    <!--[if lt IE 9]>
      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
    <!-- Custom styling plus plugins -->
    <link href="css/custom.css" rel="stylesheet">
  <link href="css/icheck/flat/green.css" rel="stylesheet">
<script src="js/vendor/modernizr-2.6.2-respond-1.1.0.min.js"></script>

<!-- Sweet Alert -->
  <script src="dist/sweetalert-dev.js"></script>
  <link rel="stylesheet" href="dist/sweetalert.css">
  <!--.......................-->

  </head>



<body style="background:#f3f3f3;"> 

    <div id="wrapper">
      <div id="login_content" class="animate form">
        <section class="login_content">
          <form method="post">
            <h1>Purchase Data</h1>

            <div class='alert alert-success'>
            <strong>Hello </strong><?php echo $row['firstname'] ?>! //add more text here
        </div>

        <?php
        if(isset($msg))
        {
            echo $msg;
        }
        ?>
        <input type="text" class="input-block-level" placeholder="500mb" name="purchasedata" required />
        <input type="text" class="input-block-level" placeholder="Retype the bundle" name="cpurchasedata" required />
        <hr />
        <button class="btn btn-large btn-primary" type="submit" name="btn-update-data">Add data to my account</button>
            <div class="clearfix"></div>
            <div class="separator">

这是class_user.php

<?php

require_once 'dbconfig.php';

class USER
{   

    private $conn;

    public function __construct()
    {
        $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;
    }

    public function runQuery($sql)
    {
        $stmt = $this->conn->prepare($sql);
        return $stmt;
    }

    public function lasdID()
    {
        $stmt = $this->conn->lastInsertId();
        return $stmt;
    }

    public function register($uname,$email,$upass,$code,$purchasedata)
    {
        try
        {                           
            $password = md5($upass);
            $stmt = $this->conn->prepare("INSERT INTO tbl_client_info(User_Name,billingemail,password,purchasedata,tokenCode) 
                                                         VALUES(:User_Name, :billingemail, :password, :purchasedata, :active_code)");
            $stmt->bindparam(":user_name",$uname);
            $stmt->bindparam(":user_mail",$email);
            $stmt->bindparam(":user_pass",$password);
            $stmt->bindparam(":active_code",$code);
            $stmt->bindparam(":purchasedata",$purchasedata);
            $stmt->execute();   
            return $stmt;
        }
        catch(PDOException $ex)
        {
            echo $ex->getMessage();
        }
    }

    public function login($email,$upass)
    {
        try
        {
            $stmt = $this->conn->prepare("SELECT * FROM tbl_client_info WHERE billingemail=:email_id");
            $stmt->execute(array(":email_id"=>$email));
            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);

            if($stmt->rowCount() == 1)
            {
                if($userRow['userStatus']=="Y")
                {
                    if($userRow['password']==md5($upass))
                    {
                        $_SESSION['userSession'] = $userRow['UCODE'];
                        return true;
                    }
                    else
                    {
                        header("Location: index.php?error");
                        exit;
                    }
                }
                else
                {
                    header("Location: index.php?inactive");
                    exit;
                }   
            }
            else
            {
                header("Location: index.php?error");
                exit;
            }       
        }
    catch(PDOException $ex)
    {
        echo $ex->getMessage();
    }
}

任何帮助都会非常感激

1 个答案:

答案 0 :(得分:0)

查看您的命名占位符:

(:User_Name, :billingemail, :password, :purchasedata, :active_code)

        $stmt->bindparam(":user_name",$uname);
        $stmt->bindparam(":user_mail",$email);
        $stmt->bindparam(":user_pass",$password);
        $stmt->bindparam(":active_code",$code);
        $stmt->bindparam(":purchasedata",$purchasedata);
  • 他们不匹配。

每个命名占位符必须匹配并使用lettercase。

示例:

:user_name:User_Name 相同。

所以这里:

(:user_name, :user_mail, :user_pass, :purchasedata, :active_code)

手册对此非常明确:

并且在使用MD5时不要使用它,它不再安全。

使用password_hash()

检查错误:

并确保您的列名称正确,并且可以将lettercase作为一个因素。