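I currently have a login system that I am trying to convert from MySQLi to PDO.
I currently have a website with a phpMyAdmin/MySQL database attached.
I have tried to convert everything, and I will now show you the signup.inc.php part of the system, since I already have the login part working with PDO.
This is what I have.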
SIGNUP.INC.PHP
<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {
//Then we include the database connection
include_once 'dbh.inc.php';
require_once 'dbh.inc.php';
// then get the data from the signup form
$phone = $_POST['phone'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check for empty fields
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
if (!$stmt->execute()) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('$name', '$phone', '$email',
'$zip', '$hashedPwd');";
$stmt= $pdo->prepare($sql);
$stmt->execute([$name, $phone, $email, $zip, $hashedPwd ]);
header("Location: ../signup.php?signup=success");
exit();
}
}
}}}
DBH.INC.PHP
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname",
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
}
catch(PDOException $e) {
echo $e->getMessage();
}
Whenever I try to sign up, I am redirected to this URL (http://localhost/php44/includes/signup.inc.php).
And this error is shown:
Notice: Undefined variable: user_id in C:\xampp\htdocs\php44\includes\signup.inc.php on line 40
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':' at line 1 in C:\xampp\htdocs\php44\includes\signup.inc.php:48 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(48): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 48
I don't know where the problem is or what I should do to fix it, so any help would be greatly appreciated.
Edit:
This is what I have now! :)
<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {
//Then we include the database connection
include_once 'dbh.inc.php';
require_once 'dbh.inc.php';
// then get the data from the signup form
$phone = $_POST['phone'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check for empty fields
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");
$stmt->bindParam(':userid', $user_id, PDO::PARAM_STR);
if (!$stmt->execute()) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('name', 'phone', 'email',
'zip', 'hashedPwd');";
$stmt= $pdo->prepare($sql);
$stmt->execute([':name' => $name,
':phone' => $phone,
':email' => $email,
':zip' => $zip,
':hashedPwd'=> $hashedPwd
]);
header("Location: ../signup.php?signup=success");
exit();
}
}
}}}
I still get this fatal error:
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44
Answer 0 (score: 2)
It is a simple typo.
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");
// remove the $ from here ^
// and change this to use the alias you used
// from
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
// to
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);
So:
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);
Another problem
You should also use parameters in this query:
$sql = "INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
VALUES (:name, :phone, :email, :zip, :hashedPwd)";
// dbh.inc.php creates the connection as $conn
$stmt = $conn->prepare($sql);
$stmt->execute([':name' => $name,
':phone' => $phone,
':email' => $email,
':zip' => $zip,
':hashedPwd'=> $hashedPwd
]);
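
The signup step from this thread with every value bound as a parameter, as an added example that is not code from the question or the answer. Assumptions: an in-memory SQLite database stands in for the MySQL `loginsystem` database, the duplicate check is done on `user_email` (the question's script never defines `$user_id`), and the `signup()` helper and the sample form data are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL "loginsystem" database.
$conn = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$conn->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY,
    user_name TEXT, user_phone TEXT, user_email TEXT UNIQUE,
    user_zip TEXT, user_password TEXT)');

// Hypothetical helper; returns the value the page's script puts in ?signup=...
function signup(PDO $conn, array $form): string
{
    // execute() succeeding only means the query ran; fetch to see whether a row exists.
    $check = $conn->prepare('SELECT 1 FROM users WHERE user_email = :email');
    $check->execute([':email' => $form['email']]);
    if ($check->fetchColumn() !== false) {
        return 'usertaken';
    }
    // Placeholder names in the SQL must match the array keys exactly,
    // otherwise PDO raises SQLSTATE[HY093]. No user value is ever
    // interpolated into the SQL string.
    $insert = $conn->prepare(
        'INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
         VALUES (:name, :phone, :email, :zip, :hashedPwd)'
    );
    try {
        $insert->execute([
            ':name'      => $form['name'],
            ':phone'     => $form['phone'],
            ':email'     => $form['email'],
            ':zip'       => $form['zip'],
            ':hashedPwd' => password_hash($form['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // 23000 = integrity constraint violation (UNIQUE on user_email),
        // which covers two signups racing past the SELECT above.
        if ($e->getCode() === '23000') {
            return 'usertaken';
        }
        throw $e;
    }
    return 'success';
}

// Constructed sample input; the quote in the name is stored as data, not parsed as SQL.
$form = ['name' => "Anne O'Brien", 'phone' => '+4512345678',
         'email' => 'anne@example.com', 'zip' => '1234', 'password' => 'Sample-Passw0rd'];
echo signup($conn, $form), "\n";
echo signup($conn, $form), "\n";
```

In production the `catch` in dbh.inc.php should log the exception rather than `echo $e->getMessage()`, since the message can disclose connection details to the visitor.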