[英]add a field to a PDO query in mysql
我正在尝试更改使用 PDO 查询 mysql 的登录注册脚本。
我将新字段 customer_id (int 11) 添加到 users 表中,现在尝试从 php 注册脚本中填充该字段。 插入新用户的脚本如下,我添加了
customer_id = $custId,到查询字符串和':customer_id' => $custId,到执行数组语句。
但是,当我运行代码时,我得到了不匹配令牌的控制台错误,但我只为每个参数添加了 1 个额外参数,所以我不明白它是如何不匹配的。 也许语法错误? 我正在关注已经在工作的东西,它看起来是正确的。
$userip = $_SERVER['REMOTE_ADDR'];
$custId = '45';
$query = "INSERT INTO users SET customer_id = $custId, username =
:username, firstname = :firstname, lastname = :lastname, password =
:password, userlevel = $ulevel, email = :email, timestamp = $time, ip =
'$userip', regdate = $time";
$stmt = $this->db->prepare($query);
return $stmt->execute(array(':customer_id' => $custId, ':username' =>
$username, ':firstname' => $firstname, ':lastname' => $lastname,
':password' => $password_hash, ':email' => $email));
更新:这是在我编辑之前有效的整个 function
```function addNewUser($username, $firstname, $lastname, $password, $email) {
$time = time();
/* If admin sign up, give admin user level */
if (($this->functions->totalUsers() == '0') AND (strcasecmp($username,
ADMIN_NAME) == 0)) {
$ulevel = SUPER_ADMIN_LEVEL;
/* Which validation is on? */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 1) {
$ulevel = REGUSER_LEVEL; /* No activation required */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 2) {
$ulevel = ACT_EMAIL; /* Activation e-mail will be sent */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 3) {
$ulevel = ADMIN_ACT; /* Admin will activate account */
} else if (($this->configs->getConfig('ACCOUNT_ACTIVATION') == 4) &&
!$this->session->isAdmin()) {
header("Location: " . $this->configs->homePage()); /* Registration
Disabled so go back to Home Page */
} else {
$ulevel = REGUSER_LEVEL;
}
/* Hash password using PHP's inbuilt password_hash function -
currently using BCRYPT - as of 2.5 */
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$userip = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO users SET username = :username, firstname =
:firstname, lastname = :lastname, password = :password, userlevel = $ulevel, email = :email, timestamp = $time, ip = '$userip', regdate = $time";
$stmt = $this->db->prepare($query);
return $stmt->execute(array(':username' => $username, ':firstname' =>
$firstname, ':lastname' => $lastname, ':password' => $password_hash, ':email' => $email));
}
}```
在您的查询中,您必须将所有以$开头的变量替换为: ,以便绑定可以工作。
所以这样做而不是你的查询
$userip = $_SERVER['REMOTE_ADDR'];
$custId = '45';
$query = "INSERT INTO users SET customer_id = :custId, username = :username, firstname = :firstname, lastname = :lastname, password = :password, userlevel = :ulevel, email = :email, timestamp = :time1, ip = :userip, regdate = :time";
$stmt = $this->db->prepare($query);
return $stmt->execute(array(':customer_id' => $custId, ':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':password' => $password_hash, ':ulevel'=>$ulevel, ':email' => $email,':time1'=>$time,':userip'=>$userip,':time'=>$time));
如您所见,我用 withg ':variables' 交换了所有 '$ variables' 并将它们添加到绑定中。 我将两次都添加为不同的占位符,但这不是必需的。
您的 function 作为代码没有 sql 注入
function addNewUser($username, $firstname, $lastname, $password, $email) {
$time = time();
/* If admin sign up, give admin user level */
if (($this->functions->totalUsers() == '0') AND (strcasecmp($username, ADMIN_NAME) == 0)) {
$ulevel = SUPER_ADMIN_LEVEL;
/* Which validation is on? */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 1) {
$ulevel = REGUSER_LEVEL; /* No activation required */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 2) {
$ulevel = ACT_EMAIL; /* Activation e-mail will be sent */
} else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 3) {
$ulevel = ADMIN_ACT; /* Admin will activate account */
} else if (($this->configs->getConfig('ACCOUNT_ACTIVATION') == 4) &&
!$this->session->isAdmin()) {
header("Location: " . $this->configs->homePage()); /* Registration
Disabled so go back to Home Page */
} else {
$ulevel = REGUSER_LEVEL;
}
/* Hash password using PHP's inbuilt password_hash function -
currently using BCRYPT - as of 2.5 */
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$userip = $_SERVER['REMOTE_ADDR'];
$custId = '45';
$query = "INSERT INTO users SET customer_id = :custId, username = :username, firstname = :firstname, lastname = :lastname, password = :password, userlevel = :ulevel, email = :email, timestamp = :time1, ip = :userip, regdate = :time";
$stmt = $this->db->prepare($query);
return $stmt->execute(array(':customer_id' => $custId, ':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':password' => $password_hash, ':ulevel'=>$ulevel, ':email' => $email,':time1'=>$time,':userip'=>$userip,':time'=>$time));
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.