以下是我所拥有的PHP代码导致此错误,我之前没有出现此错误,我在发布之前搜索并环顾四周并且无法找到一种方法来获取错误。
PHP(使用PHP):
<?php
require('includes/config.php');
$username = $_SESSION['username'];
if($_POST['username'] != $_SESSION['user']['username'])
{
// Define our query parameter values
$query_params = array(
':username' => $_POST['username']
);
$stmt = $db->prepare("SELECT username FROM members WHERE username = :username");
$stmt->execute($query_params);
// Retrieve results (if any)
if($stmt->rowCount() > 0)
{
die("This username is already in use");
}
try
{
$query_params = array(
':username' => $_POST['username'],
':last_username' => $username
);
// Execute the query
$stmt = $db->prepare("UPDATE members SET username = :username WHERE username = :last_username");
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
}
?>
HTML:
<div id="changeusername" class="tab-pane">
<h3> Change Your Username : </h3>
<form method="post" action="changeusername.php" autocomplete="off">
<input type="text" name="username" id="username" class="form-control" placeholder="New Username" autofocus value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1">
<br>
<input type="password" name="password" id="password" class="form-control" placeholder="Confirm Your Password">
<br>
<button class="btn btn-theme btn-block" name="submit" type="submit"><i class="fa fa-lock"></i> Change Username</button>
</form>
错误我在输入Boom2后收到了哪个是新用户名,而boom1是旧用户名: 无法运行查询:SQLSTATE [42000]:语法错误或访问冲突:1064 SQL语法中出错;检查与您的MySQL服务器版本相对应的手册,以便在#boom;&#39; boom2&#39;附近使用正确的语法。用户名=&#39; boom1&#39;&#39;在第1行
答案 0 :(得分:0)
尝试更改
$stmt = $db->prepare("UPDATE members SET :username WHERE username = '$username'");
到
$stmt = $db->prepare("UPDATE members SET username=:username WHERE username = '$username'");
答案 1 :(得分:0)
您无法绑定列名,甚至也没有指定将值设置为的内容。
$stmt = $db->prepare("UPDATE members SET username = :username WHERE username = '$username'");
可能是你的意思。如果你真的想要一个变量列,你需要使用白名单或PHP中的东西来清理它。
顺便说一句,你不应该将$username直接放入字符串中,这也应该使用准备好的语句来完成。
答案 2 :(得分:0)
你必须在查询的下一行绑定列。
$ stmt = $ db-&gt; prepare(&#34; UPDATE成员SET:用户名WHERE用户名=&#39; $ username&#39;&#34;); $ stmt-&gt; bindParam(&#39;:username&#39;,$ username); $ result = $ stmt-&gt; execute();
答案 3 :(得分:0)
如果用户名存在,我会将您的PHP代码重写为错误并更正您的更新查询。请试一试:
<?php
require('includes/config.php');
$username = $_SESSION['username'];
if($_POST['username'] != $_SESSION['user']['username'])
{
// Define our query parameter values
$query_params = array(
':username' => $_POST['username']
);
$stmt = $db->prepare("SELECT username FROM members WHERE username = :username");
$stmt->execute($query_params);
// Retrieve results (if any)
if($stmt->rowCount() > 0)
{
die("This username is already in use");
}
try
{
$query_params = array(
':username' => $_POST['username'],
':last_username' => $username
);
// Execute the query
$stmt = $db->prepare("UPDATE members SET username = :username WHERE username = :last_username");
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
}
?>