Add a field to a PDO query in MySQL

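I am trying to modify a login/registration script that queries MySQL through PDO.

I added a new field customer_id (int 11) to the users table and am now trying to populate it from the PHP registration script. The script that inserts a new user is below; I added `customer_id = $custId,` to the query string and `':customer_id' => $custId,` to the execute array.

However, when I run the code, I get a console error about mismatched tokens, but I only added 1 extra parameter to each, so I don't understand how it doesn't match. Maybe a syntax error? I'm following what is already working and it looks correct.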

    $userip = $_SERVER['REMOTE_ADDR'];

    $custId = '45';

    $query = "INSERT INTO users SET customer_id = $custId, username = 
    :username, firstname = :firstname, lastname = :lastname, password = 
    :password, userlevel = $ulevel, email = :email, timestamp = $time, ip = 
    '$userip', regdate = $time";

    $stmt = $this->db->prepare($query);

    return $stmt->execute(array(':customer_id' => $custId, ':username' => 
    $username, ':firstname' => $firstname, ':lastname' => $lastname, 
    ':password' => $password_hash, ':email' => $email));

Update: this is the whole function that worked before I edited it

```
function addNewUser($username, $firstname, $lastname, $password, $email) {
    $time = time();
    /* If admin sign up, give admin user level */
    if (($this->functions->totalUsers() == '0') AND (strcasecmp($username, ADMIN_NAME) == 0)) {
        $ulevel = SUPER_ADMIN_LEVEL;

    /* Which validation is on? */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 1) {
        $ulevel = REGUSER_LEVEL; /* No activation required */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 2) {
        $ulevel = ACT_EMAIL; /* Activation e-mail will be sent */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 3) {
        $ulevel = ADMIN_ACT; /* Admin will activate account */
    } else if (($this->configs->getConfig('ACCOUNT_ACTIVATION') == 4) && !$this->session->isAdmin()) {
        header("Location: " . $this->configs->homePage()); /* Registration Disabled so go back to Home Page */
    } else {
        $ulevel = REGUSER_LEVEL;
    }

    /* Hash password using PHP's inbuilt password_hash function - currently using BCRYPT - as of 2.5 */
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    $userip = $_SERVER['REMOTE_ADDR'];

    $query = "INSERT INTO users SET username = :username, firstname = :firstname, lastname = :lastname, password = :password, userlevel = $ulevel, email = :email, timestamp = $time, ip = '$userip', regdate = $time";
    $stmt = $this->db->prepare($query);
    return $stmt->execute(array(':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':password' => $password_hash, ':email' => $email));
}
```

In your query you have to replace all the variables that start with $ with :, so that the binding can work.

So do this instead of your query

```
$userip = $_SERVER['REMOTE_ADDR'];

$custId = '45';

/* Every value is a named placeholder; each name must match a key in the execute() array */
$query = "INSERT INTO users SET customer_id = :customer_id, username = :username, firstname = :firstname, lastname = :lastname, password = :password, userlevel = :ulevel, email = :email, timestamp = :time1, ip = :userip, regdate = :time";

$stmt = $this->db->prepare($query);

return $stmt->execute(array(':customer_id' => $custId, ':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':password' => $password_hash, ':ulevel' => $ulevel, ':email' => $email, ':time1' => $time, ':userip' => $userip, ':time' => $time));
```

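As you can see, I swapped all the '$variables' with ':variables' and added them to the binding. I added the time twice as different placeholders, but that is not necessary.

Your function as code without SQL injection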

```
function addNewUser($username, $firstname, $lastname, $password, $email) {
    $time = time();
    /* If admin sign up, give admin user level */
    if (($this->functions->totalUsers() == '0') AND (strcasecmp($username, ADMIN_NAME) == 0)) {
        $ulevel = SUPER_ADMIN_LEVEL;

    /* Which validation is on? */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 1) {
        $ulevel = REGUSER_LEVEL; /* No activation required */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 2) {
        $ulevel = ACT_EMAIL; /* Activation e-mail will be sent */
    } else if ($this->configs->getConfig('ACCOUNT_ACTIVATION') == 3) {
        $ulevel = ADMIN_ACT; /* Admin will activate account */
    } else if (($this->configs->getConfig('ACCOUNT_ACTIVATION') == 4) && !$this->session->isAdmin()) {
        header("Location: " . $this->configs->homePage()); /* Registration Disabled so go back to Home Page */
    } else {
        $ulevel = REGUSER_LEVEL;
    }

    /* Hash password using PHP's inbuilt password_hash function - currently using BCRYPT - as of 2.5 */
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    $userip = $_SERVER['REMOTE_ADDR'];

    $custId = '45';

    /* Every value is a named placeholder; each name must match a key in the execute() array */
    $query = "INSERT INTO users SET customer_id = :customer_id, username = :username, firstname = :firstname, lastname = :lastname, password = :password, userlevel = :ulevel, email = :email, timestamp = :time1, ip = :userip, regdate = :time";

    $stmt = $this->db->prepare($query);

    return $stmt->execute(array(':customer_id' => $custId, ':username' => $username, ':firstname' => $firstname, ':lastname' => $lastname, ':password' => $password_hash, ':ulevel' => $ulevel, ':email' => $email, ':time1' => $time, ':userip' => $userip, ':time' => $time));
}
```
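An added example, not part of the original question or answer: a pre-flight check that lists which named placeholders in a query have no bound value and which bound keys have no placeholder, run against the query shape from the question and against a fully parameterised one. The helper name `placeholderMismatch` and all sample values are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of PDO): compare the named placeholders in a
 * SQL string with the keys of the array passed to PDOStatement::execute().
 * Simplification: colon-prefixed words inside quoted SQL literals also count.
 */
function placeholderMismatch(string $sql, array $params): array
{
    // (?<!:) skips the second colon of a "::" sequence.
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    $inQuery = array_unique($m[1]);
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($params));

    return [
        'unbound' => array_values(array_diff($inQuery, $bound)), // token, no value
        'unused'  => array_values(array_diff($bound, $inQuery)), // value, no token
    ];
}

// Constructed sample values standing in for the registration input.
$custId = 45; $ulevel = 3; $time = 1700000000; $userip = '203.0.113.7';
$common = [':username' => 'alice', ':firstname' => 'Alice', ':lastname' => 'Liddell',
           ':password' => password_hash('constructed-sample', PASSWORD_DEFAULT),
           ':email' => 'alice@example.test'];

// Query shape from the question: customer_id is interpolated AND bound.
$asked = "INSERT INTO users SET customer_id = $custId, username = :username, "
       . "firstname = :firstname, lastname = :lastname, password = :password, "
       . "userlevel = $ulevel, email = :email, timestamp = $time, "
       . "ip = '$userip', regdate = $time";
$askedParams = [':customer_id' => $custId] + $common;

// Fully parameterised shape: every value is a token with a matching key.
$fixed = "INSERT INTO users SET customer_id = :customer_id, username = :username, "
       . "firstname = :firstname, lastname = :lastname, password = :password, "
       . "userlevel = :ulevel, email = :email, timestamp = :time1, "
       . "ip = :userip, regdate = :time";
$fixedParams = [':customer_id' => $custId, ':ulevel' => $ulevel, ':time1' => $time,
                ':userip' => $userip, ':time' => $time] + $common;

foreach (['question' => [$asked, $askedParams], 'fixed' => [$fixed, $fixedParams]] as $name => [$sql, $p]) {
    echo $name, ': ', json_encode(placeholderMismatch($sql, $p)), PHP_EOL;
}
```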
