我尝试使用PHP和MySQL创建一个注册/登录系统,但偶然发现了PDO语句的问题。由于我不熟悉PDO语句,因此无法让代码的“获取”部分工作,所以我将不胜感激。另外,我非常感谢“占位符”变量如何在PDO语句中工作,以及如何使用PDO语句中的“fetch”方法检查数据库中是否已存在用户名。
MySQL数据库相当简单。它分别包括自动递增“id”(主键)字段,“firstname”字段,“lastname”字段,“email”字段,“username”字段和“password”字段。
这是代码的HTML部分:
<form class="signUp" action="signup.inc.php" method="POST">
<input type="text" name="first" placeholder="First name" class="firstname" required>
<input type="text" name="last" placeholder="Last name" class="lastname" required>
<input type="text" name="email" placeholder="E-mail" class="email" required>
<input type="text" name="username" placeholder="Username" class="username" required>
<input type="password" name="password" placeholder="Password" class="password" required>
<input type="submit" class="submit" name="submit" value="Sign up">
</form>
这是使用PDO语句进行PHP验证的不良尝试(显然它不起作用):
<?php
if (isset($_POST['submit'])){
include_once 'init.php';
$first = $_POST['first'];
$last = $_POST['last']
$email = $_POST['email']
$username = $_POST['username']
$password = $_POST['password']
if (empty($first) || empty($last) || empty($email) || empty($username) || empty($password)){
header("Location: signup.php?signup=empty");
exit();
} else{
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)){
header("Location: signup.php?signup=invalid");
exit();
} else{
if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: signup.php?signup=invalidEmail");
exit();
} else{
$query = $db->prepare("SELECT * FROM users WHERE username = :username");
$query->execute(['username' => $username]);
$results = $query->fetch();
if ($query->rowCount()>0){
header("Location: signup.php?signup=usernameTaken");
exit();
} else{
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$query = $db->prepare("INSERT INTO users (firstname, lastname, email, username, password) VALUES ('$first', '$last', '$email', '$username', '$hashedPassword'))";
$query->execute();
header("Location: signup.php?signup=success");
exit();
}
}
}
}
} else{
header("Location: signup.php");
exit();
}
谢谢!
你没有绑定参数。这是占位符进入对话的地方。占位符?
用于绑定参数。您不能使用php变量准备语句,但只能使用占位符。看看相应的代码片段的重写:
// note that the
$query = $db->prepare("INSERT INTO users (firstname, lastname, email, username, password) VALUES (?, ?, ?, ?, ?)");
$query->bindParam(':firstname', $first);
$query->bindParam(':lastname', $last);
$query->bindParam(':email', $email);
$query->bindParam(':username', $username);
$query->bindParam(':password', $hashedPassword);
$query->execute();
除非您想要了解自己的验证步骤,因为您渴望自己学习,否则您可能需要考虑查看像GUMP这样的库进行验证。