我目前正在尝试使用mysqli_prepare和bind_param语句,以便将论点更安全地传递到我的查询中。我在做mysqli_query来执行它们,然后正常工作。我的教授要求我们使用准备。我目前正在从表单中获取适当的值,但是没有将数据输入到客户表中。另外,我的execute()命令上有mysqli_error(),但是根本没有收到任何错误,这使调试变得很困难。这是位于register.php中的php部分。
<?php
require 'connection.php';
$result = "";
if(isset($_POST['register'])) {
#Fetch the data from the fields
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
$total = 0.0;
#echo $username . " " . $password . " " . $name . " " . $total;
#Prepare sql query to see if account already exists
$query = mysqli_prepare("SELECT * FROM customer WHERE username=?");
$query->bind_param("s", $username);
$query->execute() or die(mysqli_error());
if(mysqli_num_rows($query) > 0) {
#This username already exists in db
$result = "Username already exists";
} else {
$insert = mysqli_prepare("INSERT INTO customer(username, password, name, total) VALUES (?, ?, ?, ?)");
$insert->bind_param("sssd", $username, $password, $name, $total);
$insert->execute() or die(mysqli_error());
#$result = "Account registered!"
}
}
?>
我这样在connection.php中建立与数据库的连接
$conn = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
就像我之前说的,我可以使用mysqli_query来执行查询,但是由于某种原因,我无法使param正常工作。还尝试添加或死亡,但没有打印错误