Php PDO准备的语句将空值插入mysql数据库
这是我的基本报名表Php PDO准备的语句将空值插入mysql数据库,php,mysql,sql,pdo,prepared-statement,Php,Mysql,Sql,Pdo,Prepared Statement,这是我的基本报名表 <form name="signUp" id="signUp" method="POST" action="insertUser.php"> <table> <tr> <td>Name</td> <td><input type="text" name="signUpNa
<form name="signUp" id="signUp" method="POST" action="insertUser.php">
<table>
<tr>
<td>Name</td>
<td><input type="text" name="signUpName" placeholder="Name"/></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="signUpEmail" placeholder="Email"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="signUpPassword" placeholder="password"/></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Go"/></td>
</tr>
</table>
</form>
该文件创建名为User
的类的对象,并将从表单接收的数据传递给该类的变量。User
类的userInsert
函数最终将数据插入数据库
<?php
class User{
public $userName, $userEmail, $userPassword;
public function getUserName(){
return $this->userName;
}
public function setUserName($userName){
$this->userName = $userName;
}
public function getUserEmail(){
return $this->userEmail;
}
public function setUserEmail($userEmail){
$this->userEmail = $userEmail;
}
public function getUserPassword(){
return $this->userPassword;
}
public function setUserPassword($userPassword){
$this->userPassword = $userPassword;
}
public function userInsert(){
global $userName, $userEmail, $userPassword;
include 'db_connection.php';
$r = $db->prepare("INSERT INTO user(Username, Useremail, Userpassword) VALUES(:userName, :userEmail, :userPassword);");
$r->bindParam(':userName',$userName);
$r->bindParam(':userEmail',$userEmail);
$r->bindParam(':userPassword',$userPassword);
$r->execute();
header('Location: index.php?successful=1');
}
}
现在的问题是,每次它插入NULL
input时
搜索了很多其他答案,但没有一个对我有效。得到一个暗示会有很大帮助。多谢各位 可能是您的userInsert()函数找不到变量值,因此在函数中传递这些参数,然后它应该如下面的代码所示
class User{
public $userName, $userEmail, $userPassword;
public function getUserName(){
return $this->userName;
}
public function setUserName($userName){
$this->userName = $userName;
}
public function getUserEmail(){
return $this->userEmail;
}
public function setUserEmail($userEmail){
$this->userEmail = $userEmail;
}
public function getUserPassword(){
return $this->userPassword;
}
public function setUserPassword($userPassword){
$this->userPassword = $userPassword;
}
public function userInsert($userName=null,$userEmail=null,$userPassword=null){
include 'db_connection.php';
$sql = "INSERT INTO user(Username, Useremail, Userpassword) VALUES($userName,$userEmail,$userPassword);";
if(mysqli_query($db,$sql) == TRUE){
header('Location: index.php?successful=1');
}
else{
header('Location: index.php?successful=0');
}
}
}请将您的查询替换为以下内容
$sql=“插入用户(用户名、用户电子邮件、用户密码)值(“$this->Username”、“$this->Useremail”、“$this->Userpassword”);” 警告:编写自己的访问控制层并不容易,而且有很多机会使它严重出错。请不要编写您自己的身份验证系统,因为任何现代的同类产品都具有强大的内置功能。至少要遵循并且永远不要将密码存储为纯文本。警告:当使用
mysqli
时,您应该使用和将用户数据添加到查询中。不要使用手动转义和字符串插值或串联来完成此操作,因为这样会创建严重的错误。意外地未扫描数据是一个严重的风险。您还奇怪地混合了面向对象的样式和用于向后兼容性的遗留过程变量,而不是新代码。大多数时候,您也不需要做==TRUE
之类的事情。检查功能。许多都是为了返回逻辑上真实的东西而设计的。@tadman非常感谢您在我的代码中指出了这些关键问题。但当我检查空字段时,我并没有得到将空白数据插入数据库的真正原因。它正在插入,但所有的行都是空行。“遗留程序”您是否将所有程序代码都称为遗留@tadman?谢谢。我修好了。顺便说一句,后来我尝试将PDO与准备好的语句一起使用,但现在它正在数据库中插入“NULL”值。你能告诉我为什么吗?请与我共享代码,然后我可以很容易地告诉你,感谢函数userInsert(){global$userName,$userEmail,$userPassword;包括'db_connection.php';$r=$db->prepare(“插入到用户(userName,userEmail,userPassword)值(:userName,:userEmail,:userPassword);)$r->bindParam(':userName',$userName);$r->bindParam(':userEmail',$userEmail);$r->bindParam(':userPassword',$userPassword);$r->execute();header('Location:index.php?successful=1');}谢谢,我已经修好了。非常感谢您的努力。:-)
<?php
try{
$db = new PDO("mysql:host=localhost;dbname=basicchatapp","root","");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(Exception $e){
die("Error: ");
}
?>
class User{
public $userName, $userEmail, $userPassword;
public function getUserName(){
return $this->userName;
}
public function setUserName($userName){
$this->userName = $userName;
}
public function getUserEmail(){
return $this->userEmail;
}
public function setUserEmail($userEmail){
$this->userEmail = $userEmail;
}
public function getUserPassword(){
return $this->userPassword;
}
public function setUserPassword($userPassword){
$this->userPassword = $userPassword;
}
public function userInsert($userName=null,$userEmail=null,$userPassword=null){
include 'db_connection.php';
$sql = "INSERT INTO user(Username, Useremail, Userpassword) VALUES($userName,$userEmail,$userPassword);";
if(mysqli_query($db,$sql) == TRUE){
header('Location: index.php?successful=1');
}
else{
header('Location: index.php?successful=0');
}
}