Php 无法使用PDO将数据插入数据库
我已经为注册页面编写了这段代码,但是我无法使用PDO将插入数据获取到数据库中(或者做了一些不正确的事情)。以下是注册页面代码:Php 无法使用PDO将数据插入数据库,php,mysql,database,pdo,Php,Mysql,Database,Pdo,我已经为注册页面编写了这段代码,但是我无法使用PDO将插入数据获取到数据库中(或者做了一些不正确的事情)。以下是注册页面代码: <?php if (empty($_POST)){ ?> <form name="registration" action="register.php" method="POST"> <label for "username">Username: </label> <input type="text" name=
<?php
if (empty($_POST)){
?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<label for "fname">First Name: </label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: </label>
<input type="text" name="lname"/><br />
<label for "email">Email: </label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
<?php
}
else{
$form = $_POST;
$username = $form['username'];
$password = $form['passowrd'];
$fname = $form['fname'];
$lname = $form['lname'];
$email = $form['email'];
$user = 'root';
$pass = 'pdt1848!';
$db = new PDO('mysql:host=localhost;dbname=phpproject', $user, $pass);
$sql = "INSERT INTO users (username, password, fname, lname, email)VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$result = $query->execute(array(':username'=>$username, ':password'=>$password,
':fname'=>$fname, ':lname'=>$lname, ':email'=>$email));
if ($result){
echo "Thanks for registering with us!";
} else {
echo "Sorry, an error occurred while editing the database. Contact the guy who built this garbage.";
};
};
?>
用户名:
密码:
名字:
姓氏:
电邮:
提交
错误就在这里,passowrd
$password = $form['passowrd'];
纯粹的打字错误
将其更改为:
$password = $form['password'];
当一个查询失败时,整个查询将失败
如果您在代码中报告错误,它会立即发现
您将来可以使用的方法有try&catch
方法,例如:
try {
$dbh = new PDO($dsn, $user, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
以及
error_reporting(E_ALL);
ini_set('display_errors', 1);
您可以参考以下链接以进一步阅读:
PDO
MySQL
(更多)
密码
我还注意到,您正在以纯文本形式存储密码。不建议这样做
使用以下选项之一:
- PHP5.5的函数
- 兼容性包(如果PHP<5.5)
其他链接:
嗯,我是这样做的
$user = 'your username';
$pass = 'your pass';
$db = new PDO( 'mysql:host=localhost;dbname=your_data_base_name', $user, $pass );
/*Grab Post*/
$form = $_POST;
$username = $form[ 'username' ];
$password = $form[ 'password' ];
$first_name = $form[ 'first_name' ];
$surname = $form[ 'surname' ];
$address = $form[ 'address' ];
$email = $form[ 'email' ];
// Sql
$sql = "INSERT INTO users ( username, password, first_name, surname, address, email ) VALUES ( :username, :password, :first_name, :surname, :address, :email )";
$result = $query->execute( array( ':username'=>$username, ':password'=>$password, ':first_name'=>$first_name, ':surname'=>$surname, ':address'=>$address, ':email'=>$email ) );
if ( $result ){
echo "Thank you. You have been registered";
} else {
echo "Sorry, there has been a problem inserting your details.";
}
此外,我始终按照Tuga的建议启用错误报告。它永远不会让我失望。除了passowrd
中的输入错误,您应该为PDO启用异常,并使用try-and-catch语句捕获异常。还有一些其他的小改动,比如先构造PHP,然后删除后超全局的奇数重分配
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$result = "Thanks for registering with us!";
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'root', 'pdt1848!');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
$sql = "INSERT INTO users (username, password, fname, lname, email)
VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$query->execute(array(':username'=>$_POST['username'],
':password'=>$_POST['password'],
':fname'=>$_POST['fname'],
':lname'=>$_POST['lname'],
':email'=>$_POST['email']));
}catch(PDOException $e){
$result = 'Sorry, an error occurred while editing the database. Contact the guy who built this garbage.';
//or use $e->getMessage(); for the real error
}
echo $result;
}
else{ ?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<label for "fname">First Name: </label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: </label>
<input type="text" name="lname"/><br />
<label for "email">Email: </label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
<?php } ?>
用户名:
密码:
名字:
姓氏:
电邮:
提交
在数据库中存储纯文本密码也是一个非常糟糕的主意。~阅读:
编辑
添加了一些输入验证,以帮助您开始,希望能有所帮助。没有测试
<?php
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'root', 'pdt1848!');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
}catch(PDOException $e){
die('Sorry, an error occurred while editing the database. Contact the guy who built this garbage.');
//or use $e->getMessage(); for the real error
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//create empty error array - to fill with errors if any
$error = array();
//validate username
if(empty($_POST['username'])){
$error['username'] = 'Enter a username';
}elseif(strlen($_POST['username']) <= 2){
$error['username'] = 'Username too short > 2 chars';
}else{
//check for existing user
$sql = "SELECT 1
FROM `users`
WHERE username = :username";
$query = $db->prepare($sql);
$query->execute(array(':username' => $_POST['username']));
$result = $query->fetchAll(PDO::FETCH_ASSOC);
if(!empty($result)){
$error['username'] = 'User already exists';
}
}
//validate pass
if(empty($_POST['password'])){
$error['password'] = 'Please enter password';
}elseif(strlen($_POST['password']) < 6){
$error['password'] = 'Password too short, password should be 6 chars or longer';
}
//validate fname
if(empty($_POST['fname'])){
$error['fname'] = 'Please enter your first name';
}
//validate fname
if(empty($_POST['lname'])){
$error['lname'] = 'Please enter your last name';
}
//validate email
if(empty($_POST['email'])){
$error['email'] = 'Please enter your email';
}else{
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$error['email'] = 'Please enter valid email';
}
}
//no errors detected so insert
if(empty($error)){
$sql = "INSERT INTO users (username, password, fname, lname, email)
VALUES(:username, :password, :fname, :lname, :email)";
$query = $db->prepare($sql);
$query->execute(array(':username'=>$_POST['username'],
':password'=>$_POST['password'],
':fname'=>$_POST['fname'],
':lname'=>$_POST['lname'],
':email'=>$_POST['email']));
$result = 'Thanks for registering with us! <a href="login.php">Click here to login</a>';
}else{
$result = 'Please correct the errors';
}
}?>
<?php echo isset($result) ? $result : null;?>
<form name="registration" action="register.php" method="POST">
<label for "username">Username: <?php echo isset($error['username']) ? $error['username'] : null;?></label>
<input type="text" name="username"/><br />
<label for "password">Password: <?php echo isset($error['password']) ? $error['password'] : null;?></label>
<input type="password" name="password"/><br />
<label for "fname">First Name: <?php echo isset($error['fname']) ? $error['fname'] : null;?></label>
<input type="text" name="fname"/><br />
<label for "lname">Last name: <?php echo isset($error['lname']) ? $error['lname'] : null;?></label>
<input type="text" name="lname"/><br />
<label for "email">Email: <?php echo isset($error['email']) ? $error['email'] : null;?></label>
<input type="text" name="email"/><br />
<button type="submit">Submit</button>
</form>
用户名:
密码:
名字:
姓氏:
电邮:
提交
将其放在脚本顶部错误报告(E\u ALL);ini设置(“显示错误”,1)你看到了什么错误?@Fred ii-如果,这并不重要是否存在。代码将以这种方式工作。不过,这里不需要它。@Tuga在after下,当我输入信息并单击submit时,它仍然会说“感谢向我们注册!”就好像$result出现了一样。添加$db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION)
紧跟在$db=new…
之后,保留@Tuga建议的错误报告
,并告诉我们是否出现任何问题。是的!再次感谢您的快速响应欢迎@user3566526另一个令人愉快的结局;-)让我们标记“er off”关于使用异常没有建议,只是指出一个输入错误。你介意解释第一行吗?“如果($\u服务器['REQUEST\u METHOD']='POST'){”@user3566526这是检查请求方法是否为POST的正确方法,从“request_method”检查访问页面时使用的请求方法,即“GET”、“HEAD”、“POST”、“PUT”。如果用户或bot仅提交带有空白值的表单,则可能需要在所有POST输入中添加验证,从而导致获得大量空行插入之前,还要检查现有用户inserting@carlgoodtoseeyou添加了一个经过编辑的版本,并进行了一些验证,以帮助您入门。您的Welcome我正在尝试使用phpass;我只是有点不确定如何使用它。我有代码,我只是不知道在哪里,或者更确切地说,不知道如何实现它。$password=$\u POST['password']$hash_obj=新密码hash(8,false);$hash=$hash_obj->HashPassword($password);$db_obj->insert_password($hash)。$db_obj->insert_password($hash)。”