..其中我无法弄清楚确切的问题是什么和/或为何互联网主义者抱怨这一点。我会发布我的代码:
<?php
$path = realpath(dirname(__FILE__));
require("../data/userhandler.class.php");
$db = connectViaPdo();
//var_dump($db);
$userHandler = new UserHandler($db);
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$ip = $_SERVER['REMOTE_ADDR'];
$query = "select username, password from users where ip = {$ip}";
$stmt = $db->prepare($query);
$result = $stmt->fetch();
if(!$result)
{
$isBanned = $userHandler->checkIfBanned($ip);
if (!$isBanned)
{
$query = "INSERT INTO users(username, password, ip, email) VALUES({$username}, {$password}, {$ip}, {$email})";
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
else
{
echo "You are BANNED from this server. Leave now and do not come back.";
exit();
}
}
else
{
$query = "UPDATE users SET username = {$username}, password = {$password}, email = {$email} WHERE ip = {$ip} ";
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
?>
我的输出类似于以下内容:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.193.239, test@email.com)' at line 1' in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php:29 Stack trace: #0 /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php(29): PDOStatement->execute() #1 {main} thrown in /home/someuser/somedomain.com/portfolio/private_html/modules/register_user.script.php on line 29
虽然我确实遵循Stacktrace,但它似乎没有任何帮助:我的PDO语句是正确的。
答案 0 :(得分:4)
我认为你的字符串值必须在引号内:
$query = "INSERT INTO users(username, password, ip, email) VALUES('{$username}', '{$password}', '{$ip}', '{$email}')";