php PDO mysql - behavioural query

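Happy New Year, everyone. I should point out that I am trying to use PDO exclusively, and I am a relative noob at using PDO, so please forgive me if this question seems obvious.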

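I am being a bit dumb, as I can't seem to understand why the relatively simple email validation system I have (tried to) write isn't working properly. Everything works fine until the PHP link at the end of the validation sets the email address as being validated. Here is my code, followed by the problem: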

Firstly, I have an include file that holds the database login. It looks like this:

<?php
// DATABASE SETTINGS
$hostname = "127.0.0.1";
$username = "devProduction";
$password = "ienx3rybcisuc";
$database = "devProduction";

try {
    $conn = new PDO("mysql:host=$hostname; dbname=$database", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec("SET CHARACTER SET utf8");      // Sets encoding UTF-8

    // close the database connection (removed as I do this at the end of each call)
    //$conn = null;

} catch(PDOException $e) {
    echo $e->getMessage();
}
?>

Then, in the page the user actually lands on after clicking the link sent to their email:

<?php
// Grab our includes
include '../conf/Funcs.php';
include '../conf/DBconfig.php'; // (This is the file displayed above)
require_once '../conf/Mobile_Detect.php';

// Check out what device is looking at us
$detect = new Mobile_Detect;
$deviceType = ($detect->isMobile() ? ($detect->isTablet() ? 'tablet' : 'phone') : 'computer');
$scriptVersion = $detect->getScriptVersion();

// Check to see if we are already logged in under an already validated account
if(isset($_COOKIE['AGMARDTuid']) || isset($_COOKIE['AGMARDTtoken'])) {
    logout();
    header("Location: ../");
    exit;
} else {
    $val = base64url_decode($_GET['val']);
    $val = explode(":-:", $val);
    $uid = $val[0];
    $add = $val[1];
    $key = $val[2];


    // These are the three items that are pulled out of the URL $val value. This works fine
    // It's only here to check it's working ok for the moment
    echo "uid: ".$uid."<br>add: ".$add."<br>key: ".$key."<br><br>";


    // Kill the process if either of the three values - $uid, $add, $key - are empty
    if(($uid == "") || ($uid == NULL) || ($add == "") || ($add == NULL) || ($key == "") || ($key == NULL)) {
        logout();
        header("Location: ../");
        exit;
    } else {
        // Seems everything is in order for email validation, so lets validate
        $yes = "yes";
        $NULL = NULL;
        try {
            $stmt = $conn->prepare("UPDATE $database.users SET `emailValidated` = :validate, `emailValidationKey` = :newkey WHERE `uid` = :uid AND `email` = :add AND `emailValidationKey` = :key");
            $stmt->bindParam(':uid', $uid);
            $stmt->bindParam(':add', $add);
            $stmt->bindParam(':key', $key);
            $stmt->bindParam(':validate', $yes);
            $stmt->bindParam(':newkey', $NULL);
            $stmt->execute();
            $result = "success";
        } catch(PDOException $e) { catchMySQLerror($e->getMessage()); $result = "fail"; }
        $conn = null;

        echo "result: ".$result." (post sql)<br><br>";

        if($result == "fail") {
            echo "Email did not successfully validate, there was a problem<br><br>";
            echo $conn . "<br>" . $e->getMessage();
        } else if($result == "success"){
            echo "Email successfully validated<br><br>";
            echo $conn . "<br>" . $e->getMessage();
        }

        echo "<br><br>We got to the end!";
    }
}
?>

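The code works, kind of. The problem is that if there is NO account in the database matching all three values passed to the script from the URL, it still shows as having updated (validated) an account, even though it has not. Why is this?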

Also, for the part where I am binding some parameters, specifically these two:

$stmt->bindParam(':validate', $yes);
$stmt->bindParam(':newkey', $NULL);

Why do I seem to have to assign $yes = "yes"; and $NULL = NULL; as variables beforehand? I have tried:

$stmt->bindParam(':validate', 'yes');
$stmt->bindParam(':newkey', NULL);

$stmt->bindParam(':validate', yes);
$stmt->bindParam(':newkey', NULL);

$stmt->bindParam(':validate', 'yes');
$stmt->bindParam(':newkey', 'NULL');

None of these worked.

Answers, information and suggestions are always welcome and appreciated. Thanks!

C

When you want to pass a value (or the result of a function) in a prepared statement, you should use bindValue rather than bindParam.

$id = 100;
$datas = array('a', 'b', 'c');

$stmt = $db->prepare("SELECT * FROM user WHERE id = :id AND status > :status AND justForExample = :other");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindValue(':status', 1, PDO::PARAM_INT);
$stmt->bindValue(':other', implode("", $datas), PDO::PARAM_STR);
$stmt->execute();

The documentation for bindValue

The documentation for bindParam

More information about the difference
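
An added example, not part of the original question or answer, covering both points raised above: literals bound with bindValue(), and the affected-row count checked so that an UPDATE matching no account is not reported as a success. It goes one step beyond the answer by using rowCount(). Assumptions: an in-memory SQLite database stands in for MySQL so the snippet runs offline, validateEmail() is a hypothetical helper name, and the sample row is constructed.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for MySQL
// (assumption); table and column names follow the question.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, email TEXT,
             emailValidated TEXT DEFAULT 'no', emailValidationKey TEXT)");
// Constructed sample row.
$conn->exec("INSERT INTO users (uid, email, emailValidationKey)
             VALUES (7, 'user@example.com', 'k3y-constructed')");

// Hypothetical helper: true only when exactly one row matched uid + email + key.
function validateEmail(PDO $conn, string $uid, string $add, string $key): bool
{
    $stmt = $conn->prepare(
        "UPDATE users
            SET emailValidated = :validate, emailValidationKey = :newkey
          WHERE uid = :uid AND email = :add AND emailValidationKey = :key"
    );
    // bindValue() takes the value itself, so literals are accepted.
    // bindParam() binds a variable by reference, which is why passing
    // 'yes' or NULL directly to it fails.
    $stmt->bindValue(':validate', 'yes', PDO::PARAM_STR);
    $stmt->bindValue(':newkey', null, PDO::PARAM_NULL);
    $stmt->bindValue(':uid', (int) $uid, PDO::PARAM_INT);
    $stmt->bindValue(':add', $add, PDO::PARAM_STR);
    $stmt->bindValue(':key', $key, PDO::PARAM_STR);
    $stmt->execute();

    // execute() completes without an exception even when the WHERE clause
    // matches nothing; only the affected-row count separates the two cases.
    return $stmt->rowCount() === 1;
}

// Wrong key: the WHERE clause matches no row.
var_dump(validateEmail($conn, '7', 'user@example.com', 'wrong-key'));
// Correct uid, email and key: one row is updated and the key is cleared.
var_dump(validateEmail($conn, '7', 'user@example.com', 'k3y-constructed'));
// Replay of the same link: the stored key is now NULL, so nothing matches.
var_dump(validateEmail($conn, '7', 'user@example.com', 'k3y-constructed'));
```

On MySQL, rowCount() reports rows actually changed rather than rows matched unless PDO::MYSQL_ATTR_FOUND_ROWS is set; here a matching row always changes because its key is set to NULL.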