所以我在这里有以下PHP代码:
mysqli_stmt_bind_param($stmt,"s",$username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if($resultCheck > 0)
{
header("Location: ../signup.php?error=userTaken&u&mail=".$email);
exit();
}
else
{
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?,?,?)";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql))
{
header("Location: ../signup.php?error=sqlerror");
exit();
}
else
{
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"sss",$username,$email,$hashedPwd);
$bp = $stmt->execute();
if ( false===$bp )
{
die('Error with execute: ' . htmlspecialchars($stmt->error));
}
header("Location: ../signup.php?signup=success");
exit();
}
}
出现错误:
Error with execute: Column 'uidUsers' cannot be null.
无论我尝试了什么,准备好的语句都不起作用。但是,如果我使用
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (' ',' ',' ')"
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
并且仅插入数据而不对其进行消毒即可。
答案 0 :(得分:0)
在if(!mysqli_stmt_prepare($stmt,$sql))语句中,您正在执行没有绑定参数的$sql查询。也就是说,您执行prepare 1st,然后使用bind
使用以下代码:
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?,?,?)";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt,$sql);
mysqli_stmt_bind_param($stmt,"sss",$username,$email,$hashedPwd);
if (mysqli_stmt_execute($stmt))
{
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt)>0) //check num rows ie user is available or not
{
header("Location: ../signup.php?signup=success"); //user available
exit();
}
else
{
header("Location: ../signup.php?error=sqlerror"); //user is not available
exit();
}
}
else
{
die('Error with execute: ' . htmlspecialchars($stmt->error)); //Query execution error
}
答案 1 :(得分:0)
所以我的PHP版本太旧了,不支持该功能,因此我将其设置为PHP 7.3,现在代码可以正常工作了。