Php 代码中的数据库错误，可能是mySQL？_Php_Mysql_Security_Login_Mysqli

Php 代码中的数据库错误，可能是mySQL？

php mysql security login

Php 代码中的数据库错误，可能是mySQL？,php,mysql,security,login,mysqli,Php,Mysql,Security,Login,Mysqli,下面是这个人的一点建议：代码如下： include_once 'db_connect.php'; include_once 'psl-config.php'; $error_msg = ""; if (isset($_POST['username'], $_POST['email'], $_POST['p'])) { // Sanitize and validate the data passed in $username = filter_input(INPUT_POST

下面是这个人的一点建议：

代码如下：

include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    // Sanitize and validate the data passed in
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Not a valid email
        $error_msg .= '<p class="error">The email address you entered is not valid</p>';
    }

    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) != 128) {
        // The hashed pwd should be 128 characters long.
        // If it's not, something really odd has happened
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }

    // Username validity and password validity have been checked client side.
    // This should should be adequate as nobody gains any advantage from
    // breaking these rules.
    //

    $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
    $stmt = $mysqli->prepare($prep_stmt);

   // check existing email  
    if ($stmt) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();

        if ($stmt->num_rows == 1) {
            // A user with this email address already exists
            $error_msg .= '<p class="error">A user with this email address already exists.</p>';
        }
    } else {
        $error_msg .= '<p class="error">Database error for EMAIL</p>';
    }

    // check existing username
    $prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
    $stmt = $members_mysqli->prepare($prep_stmt);
    if ($stmt) {
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();

    if ($stmt->num_rows == 1) {
            // A user with this username already exists
            $error_msg .= '<p class="error">A user with this username already exists</p>';
    } else {
        $error_msg .= '<p class="error">Database error for USERNAME</p>';
    }

    // TODO:
    // We'll also have to account for the situation where the user doesn't have
    // rights to do registration, by checking what type of user is attempting to
    // perform the operation.

    if (empty($error_msg)) {
        // Create a random salt
        $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));

        // Create salted password
        $password = hash('sha512', $password . $random_salt);

        // Insert the new user into the database
        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
            // Execute the prepared query.
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }
        header('Location: ./register_success.php');
    }
}
}

如果我正确地阅读了代码，那么限制应该是1，但它给出了一个2，导致了数据库错误，我该如何解决这个问题

缺少一个大括号

，应该放在后面

$error_msg .= '<p class="error">A user with this username already exists</p>';

数据库错误是什么？我看到

$mysqli->prepare

，然后我看到

$members\u mysqli->prepare

您使用的是哪一个数据库连接，两者都是，一个都不是？将错误报告添加到文件顶部

错误报告（E_ALL）；ini设置（“显示错误”，1）；mysqli_报告（mysqli_报告错误| mysqli_报告严格）@hichris123错误是代码中给出的else消息。@Fred ii-我输入了代码，它只给出了相同的输出，我使用$mysqli->prepare，它足够接近MySQL信息（例如用户、过程、表）@Fred ii-就是这个！谢谢你的帮助：-）如果你愿意，你可以写答案，因为它不会让新手再做8个小时
$error_msg .= '<p class="error">A user with this username already exists</p>';

// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $members_mysqli->prepare($prep_stmt);
if ($stmt) {
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();

if ($stmt->num_rows == 1) {
        // A user with this username already exists
  $error_msg .= '<p class="error">A user with this username already exists</p>';

    } // <-- right there

} else {
    $error_msg .= '<p class="error">Database error for USERNAME</p>';
}