PHP: How can I tell which query has an error? (PHP, MySQL, Database, PDO) - Fatal编程技术网


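I'm trying to convert my mysqli database, which is very vulnerable, to PDO prepared statements. I think I've almost got it, since it does actually enter the registration data into the database, but not into the other ones. So I think there must be something wrong with those queries, but I can't figure it out. Here is my code: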

<?php
session_start();
// DATABASE CONNECTION
$user = '****';
$pass = '****';

//CREATE CONNECTION
// $conn = new mysqli($dbserver, $dbusername, $dbpassword, $db);
$pdo = new PDO('mysql:host=localhost;dbname=****', $user, $pass);



// ASSIGN VARIABLE FROM FORM
$username = $_POST['username'];
$password = $_POST['password'];
$email    = $_POST['email'];

$password = password_hash($password, PASSWORD_BCRYPT);

// CHECK IF USER IS UNIQUE

    $stmt = $pdo->prepare("SELECT username FROM users WHERE username = :name");
    $stmt->bindParam(':name', $username);
    $stmt->execute();

    if ($stmt->rowCount() > 0) {
        echo "That username already exist!";
    } else {
        //INSERT DATA INTO DATABASE
        $sql = "INSERT INTO users ( username, password, email )
    VALUES ( :username, :password, :email )";
        $sql1 = "INSERT INTO stats (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";
        $sql2 = "INSERT INTO progression (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";
        $sql3 = "INSERT INTO powervalues (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";


        // EXECUTE AND PREPARE
        $query = $pdo->prepare($sql);
        $query1 = $pdo->prepare($sql1);
        $query2 = $pdo->prepare($sql2);
        $query3 = $pdo->prepare($sql3);
        $result = $query->execute(array( ':username'=>$username, ':password'=>$password, ':email'=>$email ));
        $result1 = $query1->execute(array( ':username'=>$username ));
        $result2 = $query2->execute(array( ':username'=>$username ));
        $result3 = $query3->execute(array( ':username'=>$username ));
        //EXECUTE QUERY
        if ($result && $result1 && $result2 && $result3) {
            $_SESSION['Accountsucess'] = "Account has been added sucessfully.";
            header("location: ../../index.php?page=index");
        } else {
            echo "Error database failure";
        }
    }

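After inserting the user into the users table, fetch the last insert ID and then use that ID in the subsequent calls, instead of repeatedly selecting individual pieces of the information.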

  $sql = "INSERT INTO users ( username, password, email )
    VALUES ( :username, :password, :email )";
  $sql1 = "INSERT INTO stats (id, username)
    VALUES (:id,:username)";


    // EXECUTE AND PREPARE
    $query = $pdo->prepare($sql);
    $query1 = $pdo->prepare($sql1);

    $result = $query->execute(array( ':username'=>$username, ':password'=>$password, ':email'=>$email ));
    // Fetch id of new user
    $id = $pdo->lastInsertId();
    $result1 = $query1->execute(array( ':id' => $id, ':username'=>$username ));

Repeat the same logic for the other statements.

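How error checking works when using PDO is something you should be able to research/read up on yourself. Let PDO tell you what is wrong with your query. See the linked question.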
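The following is an added example, not part of the original posts. It combines the `lastInsertId()` approach from the answer with PDO's exception error mode and a transaction, so a failure names the statement that caused it and leaves no half-created account. The in-memory SQLite DSN, the table schema (including the UNIQUE constraint on `username`), the `registerUser()` helper and the sample values are assumptions made for illustration.

```php
<?php
// Assumed schema on in-memory SQLite so the script runs offline; the page itself uses MySQL.
$pdo = new PDO('sqlite::memory:');
// Throw PDOException on failure instead of returning false (the default before PHP 8.0 was silent).
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, email TEXT)');
foreach (['stats', 'progression', 'powervalues'] as $t) {
    $pdo->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY, username TEXT)");
}

function registerUser(PDO $pdo, string $username, string $hash, string $email): int
{
    $step = 'begin';
    try {
        $pdo->beginTransaction();
        $step = 'insert users';
        $pdo->prepare('INSERT INTO users (username, password, email) VALUES (:username, :password, :email)')
            ->execute([':username' => $username, ':password' => $hash, ':email' => $email]);
        $id = (int) $pdo->lastInsertId();
        // Placeholders are never quoted: ':username' inside quotes is a plain string literal.
        foreach (['stats', 'progression', 'powervalues'] as $table) { // fixed list, never user input
            $step = "insert $table";
            $pdo->prepare("INSERT INTO $table (id, username) VALUES (:id, :username)")
                ->execute([':id' => $id, ':username' => $username]);
        }
        $pdo->commit();
        return $id;
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack(); // no users row is left behind without its companion rows
        }
        // Driver detail goes to the server log; the caller only learns which step failed.
        error_log("registration failed at step '$step': " . $e->getMessage());
        throw new RuntimeException("registration failed at step '$step'", 0, $e);
    }
}

$id = registerUser($pdo, 'alice', password_hash('constructed-password', PASSWORD_BCRYPT), 'alice@example.test');
echo "created user $id\n";
try {
    // Same username again: the UNIQUE constraint rejects it even if a prior SELECT check raced.
    registerUser($pdo, 'alice', password_hash('constructed-password', PASSWORD_BCRYPT), 'dup@example.test');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The original PDOException stays attached to the RuntimeException as its previous exception, so the SQLSTATE and driver message remain available for logging without being echoed to the browser.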