Php PDO寄存器用户函数
因此,经过数小时的调试,我无法找到让代码正常工作的方法。如果有人能帮助我或为我指出正确的方向,我将不胜感激。另外,我该如何保证这部分代码的安全Php PDO寄存器用户函数,php,mysql,pdo,Php,Mysql,Pdo,因此,经过数小时的调试,我无法找到让代码正常工作的方法。如果有人能帮助我或为我指出正确的方向,我将不胜感激。另外,我该如何保证这部分代码的安全 if (empty($_POST) === false && empty($errors) === true) { $register_data = array( 'username' => $_POST['username'],
if (empty($_POST) === false && empty($errors) === true) {
$register_data = array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'email' => $_POST['email'],
'email_code' => md5($_POST['username'] + microtime())
);
register_user($db, $register_data);
header('location: register.php?success');
exit();
}
register\u userfunction register_user(PDO $db, $register_data) {
array_walk($register_data, 'array_sanitize');
$register_datapw = $register_data['password'];
require ('blowfish.class.php');
$bcrypt = new Bcrypt(4);
$register_datapw = $bcrypt->hash($register_datapw);
$fields = '`' . implode('`, `', array_keys($register_data)) . '`';
$data = '\'' . implode('\', \'', $register_data) . '\'';
$query = "INSERT INTO `users` ($fields) VALUES ($data)";
$stmt = $db->prepare($query);
$stmt->execute();
}
传递给register_user()的参数1必须是PDO的一个实例,数组给定,在…中调用。我已经照你说的做了,我相信这是有效的,但现在我要面对这个问题。
mysql\u real\u escape\u string():无法建立到服务器的链接function array_sanitize(&$item){
$item = htmlentities(strip_tags(mysql_real_escape_string($item)));
}
当您使用PDO准备方法时;尽量不要将值作为字符串传递给查询,而是在运行时绑定或提供它们:
$fields = '`' . implode('`, `', array_keys($register_data)) . '`';
$data = ':' . implode(', :', array_keys($register_data)) . '';
$query = "INSERT INTO `users` ($fields) VALUES ($data)";
stmt = $db->prepare( $query );
$stmt->execute( $register_data );
哪里定义了
$dbdb=new-PDO(“mysql:host=”.$config['db']['host']”;“dbname=”.$config['db']['dbname'],$config['db']['username'],$config['db']['password'])var\u dump($db)register\u user()