Php 如何判断哪个查询有错误?
我正在尝试转换我的mysqli数据库,该数据库非常容易受到PDO准备语句的攻击。我想我几乎得到了它,因为它实际上是将注册数据输入到数据库中,而不是其他数据库中。因此,我认为在这些问题上肯定存在一些问题,但我无法理解。下面是我的代码Php 如何判断哪个查询有错误?,php,mysql,database,pdo,Php,Mysql,Database,Pdo,我正在尝试转换我的mysqli数据库,该数据库非常容易受到PDO准备语句的攻击。我想我几乎得到了它,因为它实际上是将注册数据输入到数据库中,而不是其他数据库中。因此,我认为在这些问题上肯定存在一些问题,但我无法理解。下面是我的代码 <?php session_start(); // DATABASE CONNECTION $user = '****'; $pass = '****'; //CREATE CONNECTION // $conn = new mysqli($dbserver,
<?php
session_start();
// DATABASE CONNECTION
$user = '****';
$pass = '****';
//CREATE CONNECTION
// $conn = new mysqli($dbserver, $dbusername, $dbpassword, $db);
$pdo = new PDO('mysql:host=localhost;dbname=****', $user, $pass);
// ASSIGN VARIABLE FROM FORM
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$password = password_hash($password, PASSWORD_BCRYPT);
// CHECK IF USER IS UNIQUE
$stmt = $pdo->prepare("SELECT username FROM users WHERE username = :name");
$stmt->bindParam(':name', $username);
$stmt->execute();
if ($stmt->rowCount() > 0) {
echo "That username already exist!";
} else {
//INSERT DATA INTO DATABASE
$sql = "INSERT INTO users ( username, password, email )
VALUES ( :username, :password, :email )";
$sql1 = "INSERT INTO stats (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";
$sql2 = "INSERT INTO progression (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";
$sql3 = "INSERT INTO powervalues (id, username)
VALUES ((SELECT id FROM users WHERE username=':username'), (SELECT username FROM users WHERE username=':username'))";
// EXECUTE AND PREPARE
$query = $pdo->prepare($sql);
$query1 = $pdo->prepare($sql1);
$query2 = $pdo->prepare($sql2);
$query3 = $pdo->prepare($sql3);
$result = $query->execute(array( ':username'=>$username, ':password'=>$password, ':email'=>$email ));
$result1 = $query1->execute(array( ':username'=>$username ));
$result2 = $query2->execute(array( ':username'=>$username ));
$result3 = $query3->execute(array( ':username'=>$username ));
//EXECUTE QUERY
if ($result && $result1 && $result2 && $result3) {
$_SESSION['Accountsucess'] = "Account has been added sucessfully.";
header("location: ../../index.php?page=index");
} else {
echo "Error database failure";
}
}
在用户表中插入用户后,获取最后一个插入ID,然后在后续调用中使用该ID,而不是不断选择信息的各个部分
$sql = "INSERT INTO users ( username, password, email )
VALUES ( :username, :password, :email )";
$sql1 = "INSERT INTO stats (id, username)
VALUES (:id,:username)";
// EXECUTE AND PREPARE
$query = $pdo->prepare($sql);
$query1 = $pdo->prepare($sql1);
$result = $query->execute(array( ':username'=>$username, ':password'=>$password, ':email'=>$email ));
// Fetch id of new user
$id = $pdo->lastInsertId();
$result1 = $query1->execute(array( ':id' => $id, ':username'=>$username ));
对其他语句重复相同的逻辑。使用PDO时错误检查的工作原理,是您应该能够自己研究/阅读的内容。让PDO告诉您的查询有什么问题。请参阅链接的问题