无法使用PDO

时间:2017-04-17 05:56:14

标签: php mysql pdo

请告诉我,我做错了什么。 

<?php
if ( empty( $_POST ) ){
?>
<form name='registration' action='pdo1.php' method='POST'/>
  <input type="text" name="user_name">
  <input type="password" name="password">
  <input type="text" name="email">
  <button type="submit">Submit</button>
</form>
<?php
} else {
    // host, myU, myP and myDB are all correct
    $db_user = 'myU'; 
    $db_pass = 'myP'; 
    $db = new PDO( 'mysql:host=localhost;dbname=myDB', $db_user, $db_pass );

    $sql = "INSERT INTO users ( user_name, password, email ) VALUES ( :username, :password, :email )";

    $query = $db->prepare( $sql );
    $result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':email'=>$email ) );

    if($result) {
        echo "Worked!";
    }
}
?>

当我点击提交时,我得到空白页面,没有“工作!”......显然这不会向数据库插入任何内容。

3 个答案:

答案 0 :(得分:0)

虽然使用框架很好,但是为了学习目的而尝试这个,注意没有完成验证或清理,你也不需要以纯文本形式存储密码,你需要阅读更多关于PHP安全性的信息,这个是为了学习,不应该在生产中使用...... 

<?php
if ( empty( $_POST ) ){
?>
<form name='registration' action='<?php echo $_SERVER["PHP_SELF"]; ?>' method='POST'/>
  <input type="text" name="user_name">
  <input type="password" name="password">
  <input type="text" name="email">
  <button type="submit">Submit</button>
</form>
<?php
} else {

 //n
 $username = $_POST["user_name"];
 $password = $_POST["password"];

$email= $_POST["email"];
    // host, myU, myP and myDB are all correct
    $db_user = 'myU'; 
    $db_pass = 'myP'; 
    $db = new PDO( 'mysql:host=localhost;dbname=myDB', $db_user, $db_pass );

    $sql = "INSERT INTO users ( user_name, password, email ) VALUES ( :username, :password, :email )";

    $query = $db->prepare( $sql );
    $result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':email'=>$email ) );

    if($result) {
        echo "Worked!";
    }
}
?>

答案 1 :(得分:0)

没有定义变量,请在此处定义示例代码

$db_user = 'root'; 
$db_pass = ''; 
$db = new PDO( 'mysql:host=localhost;dbname=test', $db_user, $db_pass );
//declare
$username = $_POST['user_name'];
$password = $_POST['password'];
$email   = $_POST['email'];

$sql = "INSERT INTO users ( user_name, password, email ) VALUES ( :username, :password, :email )";

$query = $db->prepare( $sql );
$result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':email'=>$email ) );

if($result) {
    echo "Worked!";
}

请使用像laravel或任何其他的框架,这是最好和最安全的方式

答案 2 :(得分:0)

如果$result - 变量定义如下,并且不定义变量$username, $password and $email

$result = $query->execute( 
    array( ':username'=>$username, 
           ':password'=>$password, 
           ':email'=>$email ) 
);

它将导致:

$result = $query->execute( 
    array( ':username'=>null, 
           ':password'=>null, 
           ':email'=>null ) 
);

因此sql-query将是:

$sql = "INSERT INTO users ( user_name, password, email ) 
VALUES ( null, null, null )";

以上的sql-query显然会失败(如果数据库表中的user_name,password和email不允许为null)

这就是为什么你必须定义从服务器获得的实际值,但从$_POST - 变量中获取值的原因。

您需要定义

$username = $_POST['user_name'];
$password = $_POST['password'];
$email   = $_POST['email'];

在定义

之前 
$result = $query->execute( 
    array( ':username'=>$username, 
           ':password'=>$password, 
           ':email'=>$email ) 
);
相关问题
最新问题