表单未使用PDO prepare和INSERT输入数据库
[英]Form not inputting in database using PDO prepare and INSERT
问题描述
For some reason when I fill in my basic registration form nothing goes wrong, it says everything is completed, but when I go take a look in my database nothing is saved in there. 
出于某种原因,当我填写基本注册表格时,没有什么错,它说一切都已完成,但是当我查看数据库时,那里什么也没有保存。
This is my form: 这是我的表格:
<form method="post">
<p id="registryinput">Voornaam:<input name="voornaam" type="text"></p><br>
<p id="registryinput">Tussenvoegsels:<input name="tussenvoegsel" type="text"></p><br>
<p id="registryinput">Achternaam:<input name="achternaam" type="text"></p><br>
<p id="registryinput">E-mail:<input name="email" type="text"></p><br>
<p id="registryinput">Wachtwoord:<input name="wachtwoord" type="password"></p><br>
<p id="registryinput">Herhaal wachtwoord:<input name="herhaalwachtwoord" type="password"></p><br>
<input name="submit" type="submit" value="Registreren">
</form>
This is the db connection: 这是数据库连接:
<?php
$host_name = "localhost";
$database = "login";
$username = "root";
$password = "";
try {
$db = new PDO("mysql:host=".$host_name.";dbname=".$database,$username,$password);
}
catch (PDOException $e) {
print "Error!: ".$e->getMessage()."<br/>";
die();
}
?>
This is the code that I use to upload to the database: 这是我用来上传到数据库的代码:
<?php
include("connect.php");
$voornaam = @$_POST["voornaam"];
$tussenvoegsel = @$_POST["tussenvoegsel"];
$achternaam = @$_POST["achternaam"];
$email = @$_POST["email"];
$wachtwoord = @$_POST["wachtwoord"];
$herhaalwachtwoord = @$_POST["herhaalwachtwoord"];
$submit = @$_POST["submit"];
$encpassword = md5($password);
if($submit){
if($voornaam==true){
if($achternaam==true){
if($email==true){
if($wachtwoord==true){
if($herhaalwachtwoord==true){
if($wachtwoord==$herhaalwachtwoord){
if(strlen($voornaam)<50){
if(strlen($tussenvoegsel)<50){
if(strlen($achternaam)<50){
if(strlen($email)<50){
if(strlen($wachtwoord)<50){
$q = $db->prepare("INSERT INTO 'userinfo' ('voornaam','tussenvoegsel','achternaam','email','wachtwoord') VALUES (':voornaam',':tussenvoegsel',':achternaam',':email',':wachtwoord')");
$q->execute(array(':voornaam'=>$voornaam,':tussenvoegsel'=>$tussenvoegsel,':achternaam'=>$achternaam,':email'=>$email,':wachtwoord'=>$wachtwoord));
echo "Registratie succesvol!";
} else {
echo "Wachtwoord langer dan 50 karakters.";
}
} else {
echo "E-mail langer dan 50 karakters.";
}
} else {
echo "Achternaam langer dan 50 karakters.";
}
} else {
echo "Tussenvoegsel langer dan 50 karakters.";
}
} else {
echo "Voornaam langer dan 50 karakters.";
}
} else {
echo "Wachtwoorden zijn niet gelijk.";
}
} else {
echo "Herhaal uw wachtwoord.";
}
} else {
echo "Geen wachtwoord ingevuld.";
}
} else {
echo "Geen e-mail ingevuld.";
}
} else {
echo "Geen achternaam ingevuld.";
}
} else {
echo "Geen voornaam ingevuld.";
}
}
?>
My main concern is if this part is right: 我主要关心的是这部分是否正确:
$q = $db->prepare("INSERT INTO 'userinfo' ('voornaam','tussenvoegsel','achternaam','email','wachtwoord') VALUES (':voornaam',':tussenvoegsel',':achternaam',':email',':wachtwoord')");
$q>execute(array(':voornaam'=>$voornaam,':tussenvoegsel'=>$tussenvoegsel,':achternaam'=>$achternaam,':email'=>$email,':wachtwoord'=>$wachtwoord));
Don't mind all the value names I'm dutch so all the text on the page is dutch 不要介意我是荷兰语的所有值名称,因此页面上的所有文本都是荷兰语
I actually worked along a little bit more and dropped on another problem, my second objective was to make a login form using the SELECT * option and i got it working. 实际上,我的工作量有所增加,而又遇到了另一个问题,我的第二个目标是使用SELECT *选项制作登录表单,然后我开始工作了。 Only problem is for username i am using E-mail but when it tries to call the value of E-mail (for example Thodor20@gmail.com) it comes up with this error: 唯一的问题是我正在使用电子邮件的用户名,但是当它尝试调用电子邮件的值(例如Thodor20@gmail.com)时,出现此错误:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; 致命错误:消息为“ SQLSTATE [42000]”的未捕获的异常“ PDOException”:语法错误或访问冲突:1064 SQL语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com = 'admin'' at line 1' in C:\\wamp\\www\\PWS\\index.php on line 15 ( ! ) PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; 检查与您的MySQL服务器版本对应的手册以获取正确的语法,以在第15行的C:\\ wamp \\ www \\ PWS \\ index.php中的'@gmail.com ='admin'在第1行'附近使用(!) PDOException:SQLSTATE [42000]:语法错误或访问冲突:1064 SQL语法错误; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com = 'admin'' at line 1 in C:\\wamp\\www\\PWS\\index.php on line 15 检查与您的MySQL服务器版本相对应的手册以获取正确的语法,以在第15行的C:\\ wamp \\ www \\ PWS \\ index.php的第1行的'@gmail.com ='admin'附近使用
I know why this isn't working though it recognizes the E-mail as a value Thodor20@gmail.com where @gmail.com is seperated because of the @. 我知道为什么它不起作用,尽管它将电子邮件识别为值Thodor20@gmail.com,其中@ gmail.com由于@而被分隔。 So how can I change the existing code: 因此,如何更改现有代码:
<?php
include("connect.php");
$logemail = @$_POST['email'];
$logww = @$_POST['wachtwoord'];
if(isset($_POST['submit'])){
$q2 = $db->prepare("SELECT * FROM userinfo WHERE $logemail = '$logww'");
$q2->execute(array(':email'=>$logemail,':wachtwoord'=>$logww));
echo "Login succesvol!";
}
?>
And the form: 以及形式:
<form method="post">
E-mail:<input type="text" name="email"><br>
Wachtwoord:<input type="password" name="wachtwoord"><br>
<input type="submit" name="submit" value="Inloggen"><br>
</form>
So it will accept Thodor20@gmail.com as 1 full value and not in parts? 因此,它将接受Thodor20@gmail.com作为1的全部价值,而不是部分吗?
2 个解决方案
解决方案1
3 已采纳 2014-09-30 14:33:03
You're using quotes around your table, columns and placeholders, remove them. 您在表格,列和占位符周围使用引号,请将其删除。
Those are not the right identifiers . 这些不是正确的标识符 。
INSERT INTO userinfo (voornaam,tussenvoegsel,achternaam,email,wachtwoord)
VALUES (:voornaam,:tussenvoegsel,:achternaam,:email,:wachtwoord)
having used 用过
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
right after the connection is opened, would have signaled the error. 打开连接后立即发出错误信号。
This $q>execute is missing a - so change it to $q->execute the arrow operator is malformed. 这$q>execute缺少-所以它更改为$q->execute箭头操作符的格式不正确。 (although you seem to have it in your full body of code), it was worth mentioning just in case. (尽管您似乎在完整的代码中都有它),值得一提以防万一。
I also noticed you are using if($submit){ it's usually best using 我还注意到您正在使用if($submit){通常最好使用
if(isset($_POST['submit'])){...}
Using @ symbols for @$_POST suppresses errors . 对@$_POST使用@符号可抑制错误 。 It's best not to use them. 最好不要使用它们。
Password storage 密码储存
You are using MD5 for password storage md5($password) . 您正在使用MD5进行密码存储md5($password) 。
This is no longer considered safe to use anymore. 这不再被认为可以安全使用。
I recommed you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. 我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()函数。
For PHP < 5.5 use the password_hash() compatibility pack . 对于PHP <5.5,使用password_hash() compatibility pack 。
解决方案2
1 2014-09-30 14:36:08
No, the SQL text is not correct. 否,SQL文本不正确。 Identifiers are not enclosed in single quotes. 标识符不包含在单引号中。
INSERT INTO 'userinfo' ('voornaam','tussenvoegsel'
^ ^ ^ ^ ^ ^
(When MySQL sees the single quotes, it's seeing a string literal, not a table name or column name.) (当MySQL看到单引号时,它看到的是字符串文字,而不是表名或列名。)
The fix is to remove all those single quotes from your SQL text. 解决方法是从SQL文本中删除所有这些单引号。
If an identifier needs to be escaped, it can be enclosed in backtick characters. 如果标识符需要转义,则可以将其括在反引号中。 (The funky back quote character, inconveniently located on the key to the left of the "1" key on my keyboard. (时髦的反引号字符,不方便地位于键盘上“ 1”键左侧的键上。
INSERT INTO `userinfo` (`voornaam`,`tussenvoegsel`
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.