[英]bind_param doesn't replace ?s in my prepared statement
It registers the user successfully.它成功注册了用户。 But when I check it on my database, all of the values are 0s.
但是当我在我的数据库上检查它时,所有的值都是 0。 What's the problem?
有什么问题?
here's the function code:这是函数代码:
public function insertUser($email, $firstName, $lastName, $encryptedPassword, $salt)
{
//SQL language - command to insert data
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//preparing SQL for execution by checking the validity
$statement = $this->conn->prepare($sql);
//if error
if (!$statement)
{
throw new Exception(($statement->error));
}
//assigning variables instead of '?', after checking the preparation and validity of the SQL command
$statement->bind_param('sssss', $email, $firstName, $lastName, $encryptedPassword, $salt);
//result will store the status/result of the execution of SQL command
$result = $statement->execute();
return $result;
}
The parameters for the function get set with the correct values when called, I tested it该函数的参数在调用时设置为正确的值,我对其进行了测试
I'm pretty new to PHP.我对 PHP 很陌生。 If i correct my function, it doesn't create a new user.
如果我更正我的功能,它不会创建新用户。 It doesn't even print out anything in the browser window.
它甚至不会在浏览器窗口中打印出任何内容。 Here's the piece of code that calls this one (maybe it helps you with finding the solution):
这是调用此代码的一段代码(也许它可以帮助您找到解决方案):
$result = $access->insertUser($email, $firstName, $lastName, $encryptedPassword, $salt);
//result is positive
if ($result)
{
//throw back the user details
$return['status'] = '200';
$return['message'] = 'Successfully registered';
$return['email'] = $email;
$return['firstName'] = $firstName;
$return['lastName'] = $lastName;
echo json_encode($return);
$access->disconnect();
}
Your query is wrong.您的查询是错误的。
//columns are declared here
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (email=?, firstName=?, lastName=?, password=?, salt=?)";
//you do not need to declare your columns again
Simple change your query to简单地将您的查询更改为
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
Also, it appears as though you are storing your password and the salt separately, that tells me you are rolling your own hashing algorithm, there isn't really a need for this.此外,似乎您将密码和盐分开存储,这告诉我您正在使用自己的散列算法,实际上并没有必要这样做。 I would remove your
salt
column, and use password_hash()
for your password column.我会删除您的
salt
列,并使用password_hash()
作为您的密码列。
remove the column=?删除列=?
$sql = "INSERT INTO users (email, firstName, lastName, password, salt) VALUES (?, ?, ?, ?, ?)";
the code编码
column=?
in your value assignment is evalued as boolean condition that return false (0)在您的值分配中被评估为返回 false (0) 的布尔条件
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.