Php 代码中的数据库错误,可能是mySQL?
下面是这个人的一点建议: 代码如下:Php 代码中的数据库错误,可能是mySQL?,php,mysql,security,login,mysqli,Php,Mysql,Security,Login,Mysqli,下面是这个人的一点建议: 代码如下: include_once 'db_connect.php'; include_once 'psl-config.php'; $error_msg = ""; if (isset($_POST['username'], $_POST['email'], $_POST['p'])) { // Sanitize and validate the data passed in $username = filter_input(INPUT_POST
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
// check existing email
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
} else {
$error_msg .= '<p class="error">Database error for EMAIL</p>';
}
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $members_mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this username already exists
$error_msg .= '<p class="error">A user with this username already exists</p>';
} else {
$error_msg .= '<p class="error">Database error for USERNAME</p>';
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}
}
}
如果我正确地阅读了代码,那么限制应该是1,但它给出了一个2,导致了数据库错误,我该如何解决这个问题 缺少一个大括号
}
,应该放在后面
$error_msg .= '<p class="error">A user with this username already exists</p>';
数据库错误是什么?我看到
$mysqli->prepare
,然后我看到$members\u mysqli->prepare
您使用的是哪一个数据库连接,两者都是,一个都不是?将错误报告添加到文件顶部错误报告(E_ALL);ini设置(“显示错误”,1);mysqli_报告(mysqli_报告错误| mysqli_报告严格)代码>@hichris123错误是代码中给出的else消息。@Fred ii-我输入了代码,它只给出了相同的输出,我使用$mysqli->prepare,它足够接近MySQL信息(例如用户、过程、表)@Fred ii-就是这个!谢谢你的帮助:-)如果你愿意,你可以写答案,因为它不会让新手再做8个小时
$error_msg .= '<p class="error">A user with this username already exists</p>';
// check existing username
$prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
$stmt = $members_mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this username already exists
$error_msg .= '<p class="error">A user with this username already exists</p>';
} // <-- right there
} else {
$error_msg .= '<p class="error">Database error for USERNAME</p>';
}