我有一个注册表单,一旦用户为所有字段提供了正确的输入,就应该将填写的信息插入数据库中。每当我测试代码时,信息有时就会成功地插入数据库中,有时甚至不会抛出任何错误。在进行各种测试之后,很难确定是什么原因触发了插入失败,因为它是随机发生的。从数据库中提取的所有登录功能和操作均正常运行。下面显示的是假冒在线商店的代码。我必须对此程序采用面向对象的方法,以便在类函数定义中实现sqli代码。
httpOptions.headers.set('username', 'password');
httpOptions.headers.append('Access-Control-Allow-Origin', '*');
httpOptions.headers.append('Access-Control-Allow-Credentials', 'true');
httpOptions.headers.append('Access-Control-Allow-Methods', 'GET,POST,OPTIONS');
this.typesOfDBs = this.http.get<Info[]>(this.ROOT_URL, httpOptions);
以下代码是一个精巧的php文件的一部分,该文件初始化对象并调用函数
class User
{
protected $name;
protected $ID;
protected $password;
protected $userName;
protected $email;
protected $isAdmin;
protected function __construct($userName, $password, $email = null, $name = null, $ID = null, $isAdmin = false)
{
$this->name = $name;
$this->ID = $ID;
$this->password = $password;
$this->userName = $userName;
$this->email = $email;
$this->isAdmin = false;
}
public function login(&$usernameError)
{
if($userInfo = $this->validateCredentials($usernameError))
{
$this->ID = $userInfo['userId'];
$this->isAdmin = $userInfo['isAdmin'];
$this->name = $userInfo['name'];
$this->userName = $userInfo['username'];
$this->email = $userInfo['email'];
//$this->password = $userInfo['password'];
return true;
}
else
{
return false;
}
}
private function validateCredentials(&$usernameError)
{
require "include/login-Database.inc.php";
$query = "SELECT * FROM users WHERE username = ? or email = ?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $query))
{
echo "SQL error 1";
exit();
}
else
{
mysqli_stmt_bind_param($stmt, "ss", $this->userName, $this->userName);
mysqli_stmt_execute($stmt);
$resultUser = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($resultUser))
{
$checkPassword = password_verify($this->password, $row['password']);
if (!$checkPassword)
{
$usernameError = "password incorrect";
return null;
}
else
{
return $row;
}
}
else
{
$usernameError = "usernmae is incorrect";
return null;
}
}
}
public function logOut()
{
if (session_status() == PHP_SESSION_NONE)
{
session_start();
}
session_unset();
session_destroy();
}
}
class Customer extends User
{
private $phone;
private $address;
public function __construct($username, $password, $email = null, $name = null, $address = null, $phone = null)
{
$this->phone = $phone;
$this->address = $address;
parent::__construct($username, $password, $email, $name);
}
public function signUp(&$usernameError, &$emailError)
{
require "include/login-Database.inc.php";
$query1 = "SELECT username FROM users WHERE username = ?";
$stmt1 = mysqli_stmt_init($conn);
$query2 = "SELECT username FROM users WHERE email = ?";
$stmt2 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt1, $query1) || !mysqli_stmt_prepare($stmt2, $query2))
{
$usernameError = "SQL error";
return false;
}
else
{
mysqli_stmt_bind_param($stmt1, "s", $this->userName);
mysqli_stmt_execute($stmt1);
mysqli_stmt_store_result($stmt1);
mysqli_stmt_bind_param($stmt2, "s", $this->email);
mysqli_stmt_execute($stmt2);
mysqli_stmt_store_result($stmt2);
$resultUsername = mysqli_stmt_num_rows($stmt1);
$resultEmail = mysqli_stmt_num_rows($stmt2);
if($resultUsername > 0 or $resultEmail > 0)
{
if ($resultUsername > 0)
{
$usernameError = "Username is already taken";
}
if ($resultEmail > 0)
{
$emailError = "Email is already in use";
}
return false;
}
else
{
//Generate customerId
$isTaken = true;
while ($isTaken)
{
$customerId = abs( crc32( uniqid() ) );
$query4 = "SELECT customerId FROM users WHERE customerId = ?";
$stmt4 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt4, $query4))
{
$usernameError = "SQL error";
return false;
}
else
{
mysqli_stmt_bind_param($stmt4, "i", $customerId);
mysqli_stmt_execute($stmt4);
mysqli_stmt_store_result($stmt4);
$resultId = mysqli_stmt_num_rows($stmt4);
if($resultId == 0)
{
$isTaken = false;
}
}
}
$query5 = "INSERT INTO customers (customerId, customerPhone, customerAddress) VALUES (?,?,?)";
$stmt5 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt5, $query5))
{
$usernameError = "SQL error";
return false;
}
else
{
mysqli_stmt_bind_param($stmt5, "iss", $customerId, $this->phone, $this->address);
mysqli_stmt_execute($stmt5);
}
$query3 = "INSERT INTO users (userId, adminId, customerId, username, name, email, password, isAdmin) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt3 = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt3, $query3))
{
$usernameError = "SQL error";
return false;
}
else
{
$username = $this->userName;
$name = $this->name;
$email = $this->email;
$notAdmin = 0;
$noAdminId = null;
$pass = password_hash($this->password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt3, "iiissssi", $customerId, $noAdminId, $customerId ,$username, $name, $email, $pass, $notAdmin);
mysqli_stmt_execute($stmt3);
return true;
}
}
}
}
以下两个图像是用户表和客户表的结构。
让我知道你们的想法。谢谢。
