我在运行MySQL的PHP代码中需要帮助。
对于MySQL中的存储过程,我有以下内容:
create procedure register ( out userid int
,in username varchar(30)
,in unencryptedpassword varchar(100)
,in description varchar(100)
,in emailaddress varchar(100) )
begin
declare salt char(25);
declare createdById int;
declare createdDate datetime;
declare lastUpdatedById int;
declare lastUpdatedDate datetime;
set salt = 'abcdefghijklmnopqrstuvwxy';
set createdById = -1;
set createdDate = now();
set lastUpdatedById = -1;
set lastUpdatedDate = now();
insert into Users ( userId
, userName
, encryptedPassword
, description
, emailAddress
, createdById
, createdDate
, lastUpdatedById
, lastUpdatedDate )
values ( null
, username
, password(concat(username, salt, unencryptedpassword))
, description
, emailAddress
, createdById
, createdDate
, lastUpdatedById
, lastUpdatedDate );
set userid = last_insert_id();
commit;
end;
/
对于我的register.php页面,我有以下内容:
<?php
$host="localhost";
$db="mydb";
$uname="myuser";
$pword="mypass";
$firstname=$_POST["firstname"];
$lastname=$_POST["lastname"];
$emailaddress=$_POST["emailaddress"];
$newpassword=$_POST["newpassword"];
$mysqli = new mysqli( $host, $uname, $pword, $db );
$res = $mysqli->multi_query( "call register(@userid,$emailaddress,$newpassword,$firstname,$emailaddress)" );
$mysqli->close();
$_SESSION["sessionId"] = 1;
?>
问题是它永远不会插入到我的数据库中。任何人都可以帮助我。
感谢。
答案 0 :(得分:1)
您使用multi_query的原因是什么?您只执行一个'调用'查询。而且它充满了SQL注入漏洞,因为你没有逃避从_POST数组中提取的那4个值中的任何一个。
如果调用中的第一个查询失败,则mysp_multi_query返回booleanFALSE。您应该检查$res:
$res = $mysqli->multi_query(...);
if ($res === FALSE) {
die("Mysql error: " . $mysqli->error);
}