【发布时间】:2019-12-05 21:13:31
【问题描述】:
对于学校的一个项目,我必须为一家公司创建一个网站。当我偶然发现这个问题时,我正在研究注册系统。由于某种原因,我的查询不适用于我的数据库。我试过在phpmyadmin中输入查询,效果很好,但是如果我想在php中使用查询,它就不起作用了。我使用的数据库是预制的,它不是自动递增的,所以当我想插入新数据时,我必须添加所有行的所有值。
这是到我正在使用的数据库的连接 我使用标题消息来指示注册是否成功:
function dbConnectionRoot () {
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "wideworldimporters";
$connection = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
return $connection;
}
这是我正在使用的插入脚本:
$sql = "INSERT INTO customers (
CustomerID, CustomerName, CustomerCategoryID,
PhoneNumber, FaxNumber, EmailAddress,
HashedPassword, BillToCustomerID, BuyingGroupID,
PrimaryContactPersonId, AlternateContactPersonID, DeliveryMethodID,
DeliveryCityID, PostalCityId, AccountOpenedDate,
StandardDiscountPercentage, IsStatementSent, IsOnCreditHold,
PaymentDays, WebsiteURL, DeliveryAddressLine1,
DeliveryPostalCode, PostalAddressLine1, PostalPostalCode,
LastEditedBy, ValidFrom, ValidTo)
VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);";
$statement = dbConnectionRoot()->prepare($sql);
mysqli_stmt_init(dbConnectionRoot());
if (dbConnectionRoot()->connect_errno) {
header("Location: signup:php?error=connection");
exit();
} elseif(!dbConnectionRoot()->query($sql)) {
header("Location: signup.php?error=queryerror");
exit();
} else {
//First we has the password. This is because if a hacker were to hack into the database, it could only see the hashed passwords.
// We use this hashing method(bcrypt) because it is always updated when there is a security breach.
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$maxCustomerID++;
//Again, we are making a prepared statement for security. This time we use 27 s'es because we want 27 different variables
$statement->bind_param("sssssssssssssssssssssssssss",
$maxCustomerID, $fullName, $customerCategory, $phoneNumber, $faxNumber, $email, $hashedPassword, $billToCustomerID,
$buyingGroupID, $primaryContactPersonId, $alternateContactPersonID, $deliveryMethodID, $deliveryCityID, $postalCityId, $accountOpenedDate,
$standardDiscountPercentage, $isStatementsent, $isOnCreditHold, $paymentDays, $websiteURL, $deliveryAddressLine1, $deliveryPostalCode,
$postalAddressLine1, $postalPostalCode, $lastEditedBy, $validFrom, $validTo);
$statement->execute();
return($statement);
//A message that the signup was succesfull
header("Location: signup.php?signup=success");
exit();
这是sn-p的注册表
<form action="signupfunctions.php" method="post">
<label>Volledige naam: </label><input type="text" name="FullName"><br>
<label>E-mail adres: </label><input type="text" name="EmailAddress"><br>
<label>Wachtwoord: </label><input type="password" name="Password"><br>
<label>Herhaal uw wachtwoord: </label><input type="password" name="PasswordRepeat"><br>
<label>Telefoon nummer: </label><input type="text" name="PhoneNumber"><br>
<label>Fax nummer: </label><input type="text" name="FaxNumber"><br>
<button type="submit" name="signupbutton" >Registreer</button>
</form>
【问题讨论】:
-
首先,不要在每次需要连接时都调用
dbConnectionRoot()。调用它一次,并将结果存储在一个变量中。这里面打mysqli_stmt_init()的目的是什么? -
你做了什么调试? 会发生什么?
-
@PatrickQ
mysqli_stmt_init()检查连接是否准备好进行准备。我还没有使用调试器,但是我尝试了一些标题调整,问题似乎出在 sql 查询中。一切正常,直到我们到达elseif(!dbConnectionRoot()->query($sql))。然后我收到一条标题消息signup.php?error=queryerror -
您已经在之前的行中完成了
prepare()。 -
我认为需要
mysqli_stmt_init()来查看与连接的查询是否正确,但我想这是不必要的