[英]MySQL Stored Procedure parameter validation
我想知道從MySQL存儲過程到PHP應用程序的返回驗證錯誤的最佳實踐是什么。 我已經看到同時使用了信號和字符串,但是我正在尋找一種自動處理錯誤的方法,以便可以將它們映射到表單字段。
例如,如果我有注冊表,則需要確保系統中不存在該電子郵件。 因此,我需要存儲過程返回鍵=> value ex。 "email" => "Duplicate entry for email"
我還認為,將消息(將發送給客戶端)存儲在數據庫中可能沒有意義。 在上面的電子郵件示例中, "email" => "1062"
,然后在PHP應用程序中有一個映射1062 => "$key already exists."
我會很高興能夠保持鍵=>(值/錯誤消息)的關聯,以便AJAX響應對象可以包含類似
// Http Status 400
{ "email": "Email already exists", "name": "Name is required" }
這樣,電子郵件和名稱的密鑰就可以直接與它們的“名稱”和“電子郵件”輸入關聯。
<form>
<input name="name"/>
<input name="email"/>
<input type="submit" value="Submit"/>
</form>
<?php
$sanitizedInput = $_POST; //Pretend this data is actually sanitized.
$pdo = new PDO($dsn, $username, $password);
$stmt = $pdo->prepare("CALL registerUser(?, ?)");
$stmt->bindParam(1, $sanitizedInput["name"]);
$stmt->bindParam(2, $sanitizedInput["email"]);
#Whats the best method for processing?
try{
if($stmt->execute()){
}else{
}
}catch(PDOException $e){
//I want to prevent doing string comparisons if possible
//Signal example
//It seems like this step could be automated and reused.
//For example, if we allow a user to update their email address,
//we could have the string 'Duplicate entry for email' in the
//codebase twice, and it seems like the process could be easily broken.
if($stmt->errorInfo[2] == 'Duplicate entry for email'){
return array('email' => 'Email already exists');
}
}
?>
#SQL
signal sqlstate = '45000' set message_text = 'Duplicate entry for email'
create procedure registerUser(
name varchar(50),
email varchar(50)
)
begin
declare emailExists int(0);
select count(*) into emailExists from users where email = email;
if emailExists = 0 then
insert into users values(default, name, email);
else
//Return {email: 'Duplicate entry for email'}
end
結束
為什么要在存儲過程中運行驗證? 為什么不使用php首先驗證格式。 然后第二個檢查將是此查詢
從以下電子郵件中選擇1個,其中email ='abc@nb.com'LIMIT 1
如果此查詢返回1表示該記錄存在?
如果您想使用存儲過程,這在這里是一個致命的選擇。
您可以使用SQLEXCEPTION HANDLER
像這樣的東西
DECLARE CONTINUE HANDLER FOR SQLEXCEPTION
BEGIN
GET DIAGNOSTICS CONDITION 1
@err_sqlstate = RETURNED_SQLSTATE,
@err_message = MESSAGE_TEXT,
@err_num = MYSQL_ERRNO;
SET @hasError = TRUE;
END;
運行查詢后,您可以執行以下操作
IF(@hasError)
SELECT CONCAT("[",
GROUP_CONCAT(
CONCAT("{message:'", @err_message,"'"),
CONCAT(",sqlState:'",@err_sqlstate),"'}")
)
,"]") AS jSON
END IF;
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.