Question

我编写了一个代码来保护我免受sql注入，但现在它甚至都没有创建用户。这是我的代码：

    <?php
$user = $_GET['username'];
$pass = $_GET['password'];

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";

$conn = new mysqli($servername, $username, $password, $dbname);
function selectInfo($user, $pass){
    global $conn;
    $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();
    $stmt->close();
    }
?>

执行时没有错误，但它不会创建我需要的用户。抱歉代码不好。我是新人。

Answer 1

真正的原因是你没有调用函数

要么这样做

  <?php
$user = $_GET['username'];
$pass = $_GET['password'];

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";

$conn = new mysqli($servername, $username, $password, $dbname);
function selectInfo($user, $pass){
    global $conn;
    $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();
    $stmt->close();
    }
selectInfo($user, $pass);
?>

或

<?php
$user = $_GET['username'];
$pass = $_GET['password'];

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test123";

$conn = new mysqli($servername, $username, $password, $dbname);

    $stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $pass);
    $stmt->execute();
    $stmt->close();


?>

Php不会在数据库中创建用户

1 个答案: