PHP: converting a signup form from MySQLi to PDO, getting a database error


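I currently have a login system that I am trying to convert from MySQLi to PDO.

I currently have a website with a database attached, using phpMyAdmin/MySQL.

I tried to convert everything, and now I will show you the Signup.inc.php part of the system, since I already have the login part working with PDO.

This is what I have:

Signup.inc.php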

<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    require_once 'dbh.inc.php';


    // then get the data from the signup form
    $phone = $_POST['phone'];
    $zip = $_POST['zip'];
    $email = $_POST['email'];
    $name = $_POST['name'];
    $password = $_POST['password'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check for empty fields
    if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
        header("Location: ../signup.php?signup=empty");
        exit();

    } else {
        if (
            !preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
            !preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
            !preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
        ) {

            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check email
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {

                $stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");  
                $stmt->bindParam(':name', $user_id, PDO::PARAM_STR);


                if (!$stmt->execute()) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing of the Password
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                    //Insert user to database
                    $sql = "INSERT INTO users (user_name, user_phone, user_email, 
                user_zip, user_password) VALUES ('$name', '$phone', '$email',
                '$zip', '$hashedPwd');";

                    $stmt= $pdo->prepare($sql);
                    $stmt->execute([$name, $phone, $email, $zip, $hashedPwd ]);

                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }}}
DBH.INC.PHP

    <?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "loginsystem";


try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname",
    $username,
    $password,
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));


}
catch(PDOException $e) {
    echo $e->getMessage();
}
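Whenever I try to sign up, I get redirected to this URL

and this error is shown:

Notice: Undefined variable: user_id in C:\xampp\htdocs\php44\includes\signup.inc.php on line 40

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near in C:\xampp\htdocs\php44\includes\signup.inc.php:48 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(48): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 48

I don't know what the problem is or what I should do to fix it, so I would really appreciate your help.

Edit:

This is what I have now: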

<?php
//check if the user has clicked the login button
if (isset($_POST['submit'])) {

    //Then we include the database connection
    include_once 'dbh.inc.php';
    require_once 'dbh.inc.php';


    // then get the data from the signup form
    $phone = $_POST['phone'];
    $zip = $_POST['zip'];
    $email = $_POST['email'];
    $name = $_POST['name'];
    $password = $_POST['password'];

    //Error handlers
    //Error handlers are important to avoid any mistakes the user might have made when filling out the form!
    //Check for empty fields
    if (empty($name) || empty($phone) || empty($email) || empty($zip) || empty($password)) {
        header("Location: ../signup.php?signup=empty");
        exit();

    } else {
        if (
            !preg_match("/[\w\s]+/", $name) || !preg_match("/^(\\+)[0-9]{8,30}$/", $phone) ||
            !preg_match("/[^@]+@[^@]+\.[^@]+/", $email) || !preg_match("/^[0-9]{4}$/", $zip) ||
            !preg_match("/^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}$/", $password)
        ) {

            header("Location: ../signup.php?signup=invalid");
            exit();
        } else {
            //Check email
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                header("Location: ../signup.php?signup=email");
                exit();
            } else {

                $stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:user_id");  
                $stmt->bindParam(':userid', $user_id, PDO::PARAM_STR);


                if (!$stmt->execute()) {
                    header("Location: ../signup.php?signup=usertaken");
                    exit();
                } else {
                    //Hashing of the Password
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                    //Insert user to database
                    $sql = "INSERT INTO users (user_name, user_phone, user_email, 
                user_zip, user_password) VALUES ('name', 'phone', 'email',
                'zip', 'hashedPwd');";

                    $stmt= $pdo->prepare($sql);
                    $stmt->execute([':name'     => $name, 
                                ':phone'    => $phone, 
                                ':email'    => $email, 
                                ':zip'      => $zip, 
                                ':hashedPwd'=> $hashedPwd 
                                ]);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }}}
I still get this fatal error:

Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44

It is a simple typo

$stmt = $conn->prepare("SELECT * FROM users WHERE user_id=:$user_id");  
// remove the $ from here                                  ^

// and change this to use the alias you used
// from 
$stmt->bindParam(':name', $user_id, PDO::PARAM_STR);
// to
$stmt->bindParam(':user_id', $user_id, PDO::PARAM_STR);
So

Another problem

You should also use parameters in this query

$sql = "INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password) 
        VALUES (:name, :phone, :email, :zip, :hashedPwd)";

$stmt = $conn->prepare($sql); // dbh.inc.php creates the connection as $conn, not $pdo
$stmt->execute([':name'     => $name, 
                ':phone'    => $phone, 
                ':email'    => $email, 
                ':zip'      => $zip, 
                ':hashedPwd'=> $hashedPwd 
                ]);
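
The answer's two points, placeholder names that match their bound keys and bound parameters on the INSERT, put together as an added example (not code from the question or the answer). It assumes an in-memory SQLite database in place of the page's MySQL one, a hypothetical registerUser() helper, and that "user taken" means a duplicate user_email:

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for the
// page's MySQL database so the script runs offline (needs pdo_sqlite).
$conn = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// Column names come from the page; the UNIQUE constraint is an assumption.
$conn->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, user_name TEXT, user_phone TEXT,
    user_email TEXT UNIQUE, user_zip TEXT, user_password TEXT)');

// registerUser() is a hypothetical helper. It returns the status word the
// page's code puts in the signup.php?signup=... redirect.
function registerUser(PDO $conn, array $in): string
{
    // execute() returning true only means the query ran, so fetch a row to
    // learn whether the e-mail is already registered.
    $check = $conn->prepare('SELECT 1 FROM users WHERE user_email = :email');
    $check->execute([':email' => $in['email']]);
    if ($check->fetchColumn() !== false) {
        return 'usertaken';
    }
    // Values travel only as bound parameters. Every placeholder in the SQL
    // has exactly one identically named key below; a mismatch raises HY093.
    $insert = $conn->prepare(
        'INSERT INTO users (user_name, user_phone, user_email, user_zip, user_password)
         VALUES (:name, :phone, :email, :zip, :hashedPwd)'
    );
    try {
        $insert->execute([
            ':name'      => $in['name'],
            ':phone'     => $in['phone'],
            ':email'     => $in['email'],
            ':zip'       => $in['zip'],
            ':hashedPwd' => password_hash($in['password'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23: integrity constraint violation, e.g. the same
        // e-mail inserted by another request after the SELECT above.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'usertaken';
        }
        throw $e;
    }
    return 'success';
}

// Constructed input; the quote in the name is stored as data, not parsed as SQL.
$form = ['name' => "Anne O'Neil", 'phone' => '+4512345678',
    'email' => 'anne@example.com', 'zip' => '2100', 'password' => 'Str0ngPassw0rd'];
echo registerUser($conn, $form), "\n", registerUser($conn, $form), "\n";
```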

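You are preparing on the SELECT but not on the INSERT? Why use prepare if you are going to pass the values directly into the query and execute it directly?

What do you mean? Isn't this the way to do it?

Voting to close as a simple typo.

Thank you for your answer! Now I get this error: Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in C:\xampp\htdocs\php44\includes\signup.inc.php:44 Stack trace: #0 C:\xampp\htdocs\php44\includes\signup.inc.php(44): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\php44\includes\signup.inc.php on line 44.

Thank you very much, I will post the code below so you can see what I have now!

I still get the same error, but I will show you below.

Oh yes, right! My bad, I just edited the post so you can see what I have changed now. As you can see, I still get an error from line 44: if $stmt->execute

@ChristianAH Because you don't have $pdo, you are using $conn.

Thank you so much for your help! It works now!!!! I love this feeling, thank you very much!!!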