PHP准备好的陈述;我们的结果

时间:2018-06-02 08:49:44

标签: php mysql email prepared-statement email-verification

我尝试在PHP中实现新闻稿功能。当用户在我们的网站上订阅时,会向他们发送验证电子邮件。如果他们已经订阅,他们会收到如下消息:“您已经订阅”或“已经注册的电子邮件,但未经过验证。电子邮件已被重新发送。

function new_member($email,$list_id)
{
  global $db;
  $san_email = filter_var($email, FILTER_SANITIZE_EMAIL);
  if (filter_var($san_email, FILTER_VALIDATE_EMAIL))
  {
    $hash = openssl_random_pseudo_bytes(10, $cstrong);
    $qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = '?' AND list_id = ?";
    var_dump($qry);
    if ($stmt = $db->prepare($qry)) {
      $stmt->bind_param("si", $san_email, $list_id);
      $stmt->bind_result($count,$active,$db_hash);
      $stmt->fetch();
      $stmt->close();
    } else {
      echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
    }

    if ($count==1) {
      if ($active==1){
        return "E-Mail-Addresse bereits angemeldet.";
      } else {
        send_verification_mail($san_email,$list_id,$db_hash);
        return "E-Mail-Addresse bereits angemeldet, allerdings noch nicht bestätigt. Bestätigungsmail wurde erneut gesendet.";
      }
    } else {
      $qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES ('?',?,'?')";
      if ($stmt = $db->prepare($qry)) {
        var_dump($san_email);
        $stmt->bind_param("sis", $san_email, $list_id, $hash);
        $stmt->fetch();
        $stmt->close();
        send_verification_mail($san_email,$list_id,$hash);
        return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
      } else {
        echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
      }
    }
  } else {
    return "Keine gültige E-Mail-Addresse angegeben!";
  }
}

出于测试目的,这个函数被调用(在那里有一个令牌邮件):

echo new_member('mail@example.com',1);

如果我这样做,邮件将被发送到正确的电子邮件地址,但不会插入到数据库中。即使用户已经在数据库中,也会发送电子邮件。

1 个答案:

答案 0 :(得分:0)

?-Placeholder不需要在引号中,并且两个预准备语句都会错过执行命令。第一个需要是:

$qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = ? AND list_id = ?";
 if ($stmt = $db->prepare($qry)) {
  $stmt->bind_param("si", $san_email,$list_id);
  $stmt->execute();
  $stmt->bind_result($count,$active,$db_hash);
  $stmt->fetch();
  $stmt->close();
}

和第二个:

$qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES (?,?,?)";
 if ($stmt = $db->prepare($qry)) {
    $stmt->bind_param("sis", $san_email, $list_id, $hash);
    $stmt->execute();       
    send_verification_mail($san_email,$list_id,$hash);
    $stmt->close();
    return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
  }
相关问题
最新问题