bind_param 不会替换我准备好的语句中的 ?s
[英]bind_param doesn't replace ?s in my prepared statement
问题描述
It registers the user successfully.
它成功注册了用户。 But when I check it on my database, all of the values are 0s.但是当我在我的数据库上检查它时,所有的值都是 0。 What's the problem?有什么问题?
here's the function code:这是函数代码:
public function insertUser($email, $firstName, $lastName, $encryptedPassword, $salt)
{
//SQL language - command to insert data
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//preparing SQL for execution by checking the validity
$statement = $this->conn->prepare($sql);
//if error
if (!$statement)
{
throw new Exception(($statement->error));
}
//assigning variables instead of '?', after checking the preparation and validity of the SQL command
$statement->bind_param('sssss', $email, $firstName, $lastName, $encryptedPassword, $salt);
//result will store the status/result of the execution of SQL command
$result = $statement->execute();
return $result;
}
The parameters for the function get set with the correct values when called, I tested it该函数的参数在调用时设置为正确的值,我对其进行了测试
I'm pretty new to PHP.我对 PHP 很陌生。 If i correct my function, it doesn't create a new user.如果我更正我的功能,它不会创建新用户。 It doesn't even print out anything in the browser window.它甚至不会在浏览器窗口中打印出任何内容。 Here's the piece of code that calls this one (maybe it helps you with finding the solution):这是调用此代码的一段代码(也许它可以帮助您找到解决方案):
$result = $access->insertUser($email, $firstName, $lastName, $encryptedPassword, $salt);
//result is positive
if ($result)
{
//throw back the user details
$return['status'] = '200';
$return['message'] = 'Successfully registered';
$return['email'] = $email;
$return['firstName'] = $firstName;
$return['lastName'] = $lastName;
echo json_encode($return);
$access->disconnect();
}
2 个解决方案
解决方案1
0 2019-05-02 20:05:10
Your query is wrong.您的查询是错误的。
//columns are declared here
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//you do not need to declare your columns again
Simple change your query to简单地将您的查询更改为
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
Also, it appears as though you are storing your password and the salt separately, that tells me you are rolling your own hashing algorithm, there isn't really a need for this.此外,似乎您将密码和盐分开存储,这告诉我您正在使用自己的散列算法,实际上并没有必要这样做。 I would remove your salt column, and use password_hash() for your password column.我会删除您的salt列,并使用password_hash()作为您的密码列。
解决方案2
0 2019-05-02 20:05:47
remove the column=?删除列=?
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
the code编码
column=?
in your value assignment is evalued as boolean condition that return false (0)在您的值分配中被评估为返回 false (0) 的布尔条件
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.