无法使用 PHP 中的准备语句将数据插入数据库,未报告错误
Failing to insert data into database using prepared statement in PHP, no error reported
我正在尝试创建一个注册表单,将用户输入的数据存储到 MySQL 数据库中。
我能够通过手动设置值来让它工作,但了解到最好使用准备好的语句。这就是我的 PHP 代码的样子:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "accounts";
//Creating a new connection to the database
$connection = new mysqli($servername, $username, $password, $dbname);
//Checking the connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
//SQL string used to insert the data into the database
$sql = "INSERT INTO users (name, email, password) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "Failed";
} else {
mysqli_stmt_bind_param($stmt, "sss", $_POST["name"], $_POST["email"], $_POST["passowrd"]);
mysqli_stmt_execute($stmt);
}
?>
这是 HTML:
<div id="wrapper">
<div id="formContent">
<h3>Complete the following form to register an account:</h3>
<form class="register" action="registration.php" method="post">
Email: <input type="email" name="email" required> <br></br>
Name: <input type="name" name="name" required> <br></br>
Password: <input type="password" name="password" required> <br></br>
Confirm Password: <input type="password" name="confirmed_password" required> <br></br>
<input type="submit" name="submit">
</form>
</div>
</div>
列出的代码returns没有错误但是数据库没有更新。我已经绞尽脑汁一段时间了,非常感谢您的帮助。
首先,您输入的 password 有误(您输入的是 $_POST['passowrd']),其次,这是基于文档中的示例:
# Prepare (use the OOP version of this library)
$query = $connection->prepare("INSERT INTO users (`name`, `email`, `password`) VALUES (?, ?, ?)");
# Bind parameters and spell "password" correctly
$query->bind_param('sss', $_POST['name'], $_POST['email'], $_POST['password']);
# Execute
$query->execute();
# See if the row was created and echo success
echo ($query->affected_rows > 0)? 'Success!' : 'Failed';
您应该使用 password_hash()(存储)和 password_verify()(验证)或 bcrypt 等效库(如果您的 php 版本没有这些本机函数)。使用这些函数时,请确保您的 password 列有 255 个字符长度,以免切断密码哈希。
我正在尝试创建一个注册表单,将用户输入的数据存储到 MySQL 数据库中。 我能够通过手动设置值来让它工作,但了解到最好使用准备好的语句。这就是我的 PHP 代码的样子:
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "accounts";
//Creating a new connection to the database
$connection = new mysqli($servername, $username, $password, $dbname);
//Checking the connection
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
//SQL string used to insert the data into the database
$sql = "INSERT INTO users (name, email, password) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "Failed";
} else {
mysqli_stmt_bind_param($stmt, "sss", $_POST["name"], $_POST["email"], $_POST["passowrd"]);
mysqli_stmt_execute($stmt);
}
?>
这是 HTML:
<div id="wrapper">
<div id="formContent">
<h3>Complete the following form to register an account:</h3>
<form class="register" action="registration.php" method="post">
Email: <input type="email" name="email" required> <br></br>
Name: <input type="name" name="name" required> <br></br>
Password: <input type="password" name="password" required> <br></br>
Confirm Password: <input type="password" name="confirmed_password" required> <br></br>
<input type="submit" name="submit">
</form>
</div>
</div>
列出的代码returns没有错误但是数据库没有更新。我已经绞尽脑汁一段时间了,非常感谢您的帮助。
首先,您输入的 password 有误(您输入的是 $_POST['passowrd']),其次,这是基于文档中的示例:
# Prepare (use the OOP version of this library)
$query = $connection->prepare("INSERT INTO users (`name`, `email`, `password`) VALUES (?, ?, ?)");
# Bind parameters and spell "password" correctly
$query->bind_param('sss', $_POST['name'], $_POST['email'], $_POST['password']);
# Execute
$query->execute();
# See if the row was created and echo success
echo ($query->affected_rows > 0)? 'Success!' : 'Failed';
您应该使用 password_hash()(存储)和 password_verify()(验证)或 bcrypt 等效库(如果您的 php 版本没有这些本机函数)。使用这些函数时,请确保您的 password 列有 255 个字符长度,以免切断密码哈希。