我试图弄清楚为什么我的代码不起作用。我在布尔"上得到"调用成员函数execute()这应该表明我犯了一个SQL错误。虽然我不确定它是什么。我一直在看其他帖子,但它们对我来说并不是很有用。对不起,如果它是重复的。
if(isset($_POST["signup"])) {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING)
or die('Error: missing username');
$email = filter_input(INPUT_POST, 'email')
or die('Error: missing email');
$password = filter_input(INPUT_POST, 'password')
or die('Error: missing password');
$sql = $db->prepare('SELECT username, email FROM wyvern_user WHERE
username=?, email=?');
$sql->execute();
$sql->bind_result($username, $email);
while($stmt->fetch()) {
if($username && $email > 1) {
echo "User Already in Exists<br/>";
} else {
$query = $db->prepare("INSERT INTO wyvern_user (username, email, password)
VALUES(?, ?, ?)");
$query->bind_param('sss', $username, $email, $password);
$query->execute();
echo "Account created";}
}
}
这是我的形式,如果它有所作为。
<form class="theform" action="signup.php" method="post">
<p>Register as user:</p><br>
Username<span>*</span><input type="text" name="username" value=""
placeholder="username"><br><br>
Email<span>*</span> <input type="email" name="email" value=""
placeholder="email"><br><br>
Password<span>*</span><input type="password" name="password"
value="" placeholder="password"><br><br>
<input type="submit" name="signup" value="signup"><br><br>
</form>
答案 0 :(得分:0)
您的SQL语法不正确。在执行之前,您需要bind parameters to your statement,如果您不使用查询结果,则无需获取查询结果。也许这会奏效:
<?php
if(isset($_POST["signup"])) {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING)
or die('Error: missing username');
$email = filter_input(INPUT_POST, 'email')
or die('Error: missing email');
$password = filter_input(INPUT_POST, 'password')
or die('Error: missing password');
$sql = $db->prepare('SELECT username, email FROM wyvern_user WHERE username=? AND email=?');
if (!$sql) {
die("Database error: $db->error");
}
$sql->bind_param("ss", $username, $email);
$sql->execute();
if ($sql->num_rows) {
echo "User already exists<br/>";
} else {
$query = $db->prepare("INSERT INTO wyvern_user (username, email, password) VALUES(?, ?, ?)");
$query->bind_param('sss', $username, $email, $password);
$query->execute();
echo "Account created";
}
}
不确定您的filter_input()
功能在做什么,但在使用预准备语句时您不需要进行任何清理。您可以使用filter_var()
和FILTER_VALIDATE_EMAIL
来检查电子邮件地址。