PHP: converting a registration form from MySQLi to PDO, getting a database error
I currently have a login system that I am trying to convert from MySQLi to PDO.
I currently have a website with a phpMyAdmin/MySQL database attached.
I am trying to convert everything, and now I will show you the Signup.inc.php part of the system, since I already have the login part working with PDO.
This is what I have:
Signup.inc.php
<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {
//Then we include the database connection
include_once 'dbh.inc.php';
require_once 'dbh.inc.php';
// then get the data from the signup form
$phone = $_POST['phone'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check for empty fields
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
if (!$stmt->execute()) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('$name', '$phone', '$email',
'$zip', '$hashedPwd');";
$stmt= $pdo->prepare($sql);
$stmt->execute([$name, $phone, $email, $zip, $hashedPwd ]);
header("Location: ../signup.php?signup=success");
exit();
}
}
}}}
DBH.INC.PHP
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname",
$username,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
}
catch(PDOException $e) {
echo $e->getMessage();
}
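Whenever I try to sign up, I get redirected to this URL
and this error is displayed:
Notice: Undefined variable: user_id in C:\xampp\htdocs\php44\includes\signup.inc.php on line 40
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near in C:\xampp\htdocs\php44\includes\signup.inc.php:48 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(48): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 48
I don't know what the problem is or what I should do to fix it, so I would really appreciate your help.
Edit:
This is what I have now: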
<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {
//Then we include the database connection
include_once 'dbh.inc.php';
require_once 'dbh.inc.php';
// then get the data from the signup form
$phone = $_POST['phone'];
$zip = $_POST['zip'];
$email = $_POST['email'];
$name = $_POST['name'];
$password = $_POST['password'];
//Error handlers
//Error handlers are important to avoid any mistakes the user might have made when filling out the form!
//Check for empty fields
if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
header("Location: ../signup.php?signup=empty");
exit();
} else {
if (
!preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
!preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
!preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");
$stmt->bindParam(':userid', $user_id, PDO::PARAM_STR);
if (!$stmt->execute()) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing of the Password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user to database
$sql = "INSERT INTO users (user_name, user_phone, user_email,
user_zip, user_password) VALUES ('name', 'phone', 'email',
'zip', 'hashedPwd');";
$stmt= $pdo->prepare($sql);
$stmt->execute([':name' => $name,
':phone' => $phone,
':email' => $email,
':zip' => $zip,
':hashedPwd'=> $hashedPwd
]);
header("Location: ../signup.php?signup=success");
exit();
}
}
}}}
I still get this fatal error:
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44

This is a simple typo:
$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");
// remove the $ from here ^
// and change this to use the alias you used
// from
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
// to
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);
So, another problem:
You should also use parameters in this query:
$sql = "INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
VALUES (:name, :phone, :email, :zip, :hashedPwd)";
$stmt= $pdo->prepare($sql);
$stmt->execute([':name' => $name,
':phone' => $phone,
':email' => $email,
':zip' => $zip,
':hashedPwd'=> $hashedPwd
]);
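You are preparing on the SELECT but not on the INSERT? If you are going to pass the values directly into the query and execute it directly, why use prepare?

What does that mean? Isn't this the way to do it?

Voting to close as a simple typo.

Thanks for your answer! Now I get this error: Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44. Thank you very much, I will post the code below so you can see what I have now!

I still get the same error, but I will show you below.

Oh yes, right! My bad, I just edited the post so you can see what I have changed now. As you can see, I still get an error from line 44: if $stmt->execute

@ChristianAH Because you don't have $pdo, you are using $conn.

Thank you so much for your help! It works now!!!! I love this feeling, thank you so much!!!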
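
The fixes from this thread put together in one runnable script, as an added example that is not part of the original posts: one connection variable, placeholders whose names match the bound keys, and a duplicate check that looks at the fetched row instead of the return value of execute(). Assumptions: an in-memory SQLite database through pdo_sqlite stands in for the MySQL database so the script runs offline, registerUser() is a hypothetical helper, the duplicate check is done on user_email, and the sample form data is constructed.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes the pdo_sqlite
// extension; the users table mirrors the column names used on the page.
$conn = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$conn->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, user_name TEXT, user_phone TEXT,
    user_email TEXT UNIQUE, user_zip TEXT, user_password TEXT)');

// Hypothetical helper: returns 'success' or 'usertaken'.
function registerUser(PDO $conn, array $form): string
{
    // execute() returning true only means the query ran; whether the
    // address is taken is decided by whether a row comes back.
    $check = $conn->prepare('SELECT 1 FROM users WHERE user_email = :email');
    $check->execute([':email' => $form['email']]);
    if ($check->fetchColumn() !== false) {
        return 'usertaken';
    }

    // Every placeholder in the SQL has exactly one matching key in the
    // array; a missing or misspelled key raises SQLSTATE[HY093].
    $insert = $conn->prepare(
        'INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
         VALUES (:name, :phone, :email, :zip, :hashedPwd)'
    );
    $insert->execute([
        ':name'      => $form['name'],
        ':phone'     => $form['phone'],
        ':email'     => $form['email'],
        ':zip'       => $form['zip'],
        ':hashedPwd' => password_hash($form['password'], PASSWORD_DEFAULT),
    ]);
    return 'success';
}

// Constructed sample input; the quote in the name is stored as plain data.
$form = ['name' => "Anne O'Neil", 'phone' => '+4512345678',
         'email' => 'anne@example.com', 'zip' => '2100', 'password' => 'Passw0rdExample'];
echo registerUser($conn, $form), "\n";
echo registerUser($conn, $form), "\n";
$row = $conn->query('SELECT user_name, user_password FROM users')->fetch();
echo $row['user_name'], ' ', var_export(password_verify('Passw0rdExample', $row['user_password']), true), "\n";
```

Because the values travel separately from the SQL text, the apostrophe in the sample name needs no escaping, which is the reason to bind parameters rather than interpolate `'$name'` into the query string.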