SQL:无法正确识别用户名和密码

时间:2011-09-25 02:53:57

标签: php mysql

..其中我无法弄清楚确切的问题是什么和/或为何互联网主义者抱怨这一点。我会发布我的代码:

<?php

    $path = realpath(dirname(__FILE__));

    require("../data/userhandler.class.php");

    $db = connectViaPdo();
    //var_dump($db);

    $userHandler = new UserHandler($db);

    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    $ip = $_SERVER['REMOTE_ADDR'];

    $query = "select username, password from users where ip = {$ip}";
    $stmt = $db->prepare($query);
    $result = $stmt->fetch();

    if(!$result)
    {
        $isBanned = $userHandler->checkIfBanned($ip);

        if (!$isBanned)
        {
            $query = "INSERT INTO users(username, password, ip, email) VALUES({$username}, {$password}, {$ip}, {$email})";
            $stmt = $db->prepare($query);
            $result = $stmt->execute();
        }
        else
        {
            echo "You are BANNED from this server. Leave now and do not come back.";
            exit();
        }   
    }
    else
    {
        $query = "UPDATE users SET username = {$username}, password = {$password}, email = {$email} WHERE ip = {$ip} ";
        $stmt = $db->prepare($query);
        $result = $stmt->execute();
    }


?>

我的输出类似于以下内容:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.193.239, test@email.com)' at line 1' in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php:29 Stack trace: #0 /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php(29): PDOStatement->execute() #1 {main} thrown in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php on line 29

虽然我确实遵循Stacktrace,但它似乎没有任何帮助:我的PDO语句是正确的。

1 个答案:

答案 0 :(得分:4)

我认为你的字符串值必须在引号内:

$query = "INSERT INTO users(username, password, ip, email) VALUES('{$username}', '{$password}', '{$ip}', '{$email}')";