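Using prepared statements

Time: 2017-08-05 12:49:23

Tags: php mysql prepared-statement

There are similar questions on this site, but none that deal with prepared statements. Here is my attempt to replicate those solutions using prepared statements, but it is not working. I am trying to insert $username_ into the username column of two tables at the same time. The data is inserted successfully into the first table, but not into the second.

Here is my code: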

include_once 'dbh.inc.php';
/* insert data into "candidates" table*/
$stmt_values = $conn->prepare("INSERT INTO candidates (username, firstname, lastname,
password, coalition,program, starting_year, slogan, email) VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt_values->bind_param("sssssssss", $username_, $fname_, $lname_,
$hashedPwd, $coalition_, $program_, $starting_year_, $slogan_, $email_);
/* hash the password */
$hashedPwd = password_hash($pw, PASSWORD_DEFAULT);
$fname_ = $_POST['fname'];
$lname_ = $_POST['lname'];
$username_ = $_POST['username'];
$email_ = $_POST['email'];
$coalition_ = $_POST['coalition'];
$program_ = $_POST['program'];
$starting_year_ = $_POST['starting_year'];
$slogan_ = $_POST['slogan'];
$stmt_values->execute();
/* insert the username into the candidates_answer table also. this table contains the
candidates answer to the questions for the voting machine */
$stmt_values_2 = $conn->prepare("INSERT INTO candidate_answers (username, q1, q2, q3, q4, q5, q6) VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt_values_2->bind_param("sssssss",$username1_, $q1, $q2, $q3, $q4, $q5, $q6);
$username1_ = $_POST['username'];$q1='';$q2='';$q3='';$q4='';$q5='';$q6='';
$stmt_values_2->execute();
header("location: ../register.php?register=success!");
exit();

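Schema of the second table: schema

What is the reason the data is not inserted into the second table? Thanks

1 answer:

Answer 0: (score: 0)

Declare the variables before you use them, not after: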
include_once 'dbh.inc.php';

/* hash the password and DECLARE VARIABLES*/
$hashedPwd = password_hash($pw, PASSWORD_DEFAULT);
$fname_ = $_POST['fname'];
$lname_ = $_POST['lname'];
$username_ = $_POST['username'];
$email_ = $_POST['email'];
$coalition_ = $_POST['coalition'];
$program_ = $_POST['program'];
$starting_year_ = $_POST['starting_year'];
$slogan_ = $_POST['slogan'];

/* insert data into "candidates" table*/
$stmt_values = $conn->prepare("INSERT INTO candidates (username, firstname, lastname,
password, coalition,program, starting_year, slogan, email) VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt_values->bind_param("sssssssss", $username_, $fname_, $lname_,
$hashedPwd, $coalition_, $program_, $starting_year_, $slogan_, $email_);
$stmt_values->execute();
/* insert the username into the candidates_answer table also. this table contains the
candidates answer to the questions for the voting machine */
/* Declare variables */
$username1_ = $_POST['username'];
// Still hard to read and bad practice:
$q1 = $q2 = $q3 = $q4 = $q5 = $q6 = '';

$stmt_values_2 = $conn->prepare("INSERT INTO candidate_answers (username, q1, q2, q3, q4, q5, q6) VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt_values_2->bind_param("sssssss",$username1_, $q1, $q2, $q3, $q4, $q5, $q6);
$stmt_values_2->execute();
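
The question's script never checks whether either execute() succeeded, so a failing second INSERT goes unnoticed and the redirect still reports success. As an added example (not code from the question or the answer), the block below makes mysqli throw on errors and runs both inserts in one transaction; the helper name register_candidate and the use of a transactional engine such as InnoDB are assumptions.

```php
<?php
// Added example, not the poster's code. Table and column names are the
// question's; register_candidate() is a hypothetical helper.
// Assumption: both tables use a transactional engine such as InnoDB.

// Make every failed prepare()/execute() throw mysqli_sql_exception.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_candidate(mysqli $conn, array $in, string $plainPassword): void
{
    // Reject incomplete form data before touching the database.
    $fields = ['username', 'fname', 'lname', 'coalition', 'program',
               'starting_year', 'slogan', 'email'];
    foreach ($fields as $f) {
        if (!isset($in[$f]) || !is_string($in[$f])) {
            throw new InvalidArgumentException("missing form field: $f");
        }
    }
    $hashedPwd = password_hash($plainPassword, PASSWORD_DEFAULT);
    $empty = ''; // q1..q6 start out empty, as in the question

    $conn->begin_transaction();
    try {
        $stmt = $conn->prepare(
            "INSERT INTO candidates (username, firstname, lastname, password,
             coalition, program, starting_year, slogan, email)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("sssssssss", $in['username'], $in['fname'],
            $in['lname'], $hashedPwd, $in['coalition'], $in['program'],
            $in['starting_year'], $in['slogan'], $in['email']);
        $stmt->execute();

        $stmt2 = $conn->prepare(
            "INSERT INTO candidate_answers (username, q1, q2, q3, q4, q5, q6)
             VALUES (?, ?, ?, ?, ?, ?, ?)");
        $stmt2->bind_param("sssssss", $in['username'], $empty, $empty,
            $empty, $empty, $empty, $empty);
        $stmt2->execute();

        $conn->commit(); // both rows are stored, or neither
    } catch (mysqli_sql_exception $e) {
        $conn->rollback();
        error_log("candidate registration failed: " . $e->getMessage());
        throw $e; // caller shows a generic error page, not the DB message
    }
}
```

Call it as `register_candidate($conn, $_POST, $pw)` with the `$conn` from dbh.inc.php, and send the success redirect only when it returns without throwing.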