1. 首頁
  2. 問答
  3. 發送變量到MySQLi

發送變量到MySQLi

2014-01-10 95 views
0

我一直在盯着這個頁面半個小時試圖弄清楚我哪裏出錯了。前兩個變量被找到並插入到數據庫中,然而最後兩個'email'和'password'沒有找到,沒有被插入到數據庫中,但仍然通過了if語句。任何幫助都感激不盡。發送變量到MySQLi

form.php的

 <form name="signup" method="POST" action="signup.php"> 

     <label for="signupFirstName">First Name</label> 
     <input type="text" id="signupFirstName" name="signupFirstName" /> 
     <label for="signupLastName">Last Name</label> 
     <input type="text" id="signupLastName" name="signupLastName"/> 

     <label for="signupEmail">Email</label> 
     <input type="text" id="signupEmail" name="signupEmail" /> 
     <label for="signupConfirmEmail">Confirm Email</label> 
     <input type="text" id="signupConfirmEmail" name="signupConfirmEmail"/> 

     <label for="signupPassword">Password</label> 
     <input type="text" id="signupPassword" name="signupPassword"/> 
     <label for="signupConfirmPassword">Confirm Password</label> 
     <input type="text" id="signupConfirmPassword" name="signupConfirmPassword"/> 

     <button name="submit" type="submit" >Submit Form</button> 

     </form>

signup.php

 <?php 
    if (isset($_POST['signupFirstName']) || isset($_POST['signupLastName']) ||  isset($_POST['signupEmail']) || isset($_POST['signupPassword'])) { 

    echo $_POST['signupEmail']; 
    $mysqli = new mysqli('localhost', 'user1', 'password', 'db2'); 

    /* check connection */ 
    if (mysqli_connect_errno()) { 
    printf("Connect failed: %s\n", mysqli_connect_error()); 
    exit(); 
    } 

    $stmt = $mysqli->prepare("INSERT INTO members (First_Name, Last_Name, Email, Password) VALUES (?,?,?,?)"); 
    $stmt->bind_param('ssss',$sample,$lastName,$email,$password); 


    // escape the POST data for added protection 
    $sample = isset($_POST['signupFirstName']) 
     ? $mysqli->real_escape_string($_POST['signupFirstName']) 
     : ''; 
    $lastName = isset($_POST['signupLastName']) 
     ? $mysqli->real_escape_string($_POST['signupLastName']) 
     : '';  
    $email = isset($_POST['signupEmail']) 
     ? $mysqli->real_escape_string($_POST['signupEmail']) 
     : ''; 
    $password = isset($_POST['signupPassword']) 
     ? $mysqli->real_escape_string($_POST['signupPassword']) 
     : ''; 


    /* execute prepared statement */ 
    $stmt->execute(); 

    printf("%d Row inserted.\n", $stmt->affected_rows); 

    /* close statement and connection */ 
    $stmt->close(); 

    /* close connection */ 
    $mysqli->close(); 
} 
    else{ 
    echo "broken"; 
    } 
?>

來源

2014-01-10 John Mack

+1

不要退出綁定變量(它不會「添加保護」,它只是注入虛假的轉義字符);並設置變量值__before__綁定它們 –

+0

我們現在甚至不會評論以純文本存儲密碼,直到您獲得插入實際工作;但只是推薦它是一種壞習慣 –

回答

0

你似乎在PARAMS被綁定到你的查詢之前您實際上設置的變量。將bind_param()呼叫移動到​​呼叫的上方。

你也可以重構你的代碼來取出很多垃圾。示例如下:

<?php 
function arr_get($array, $key) { 
    if (isset($array[$key])) { 
     return $array[$key]; 
    } 

    return ''; 
} 

if (isset($_POST['signupFirstName']) || isset($_POST['signupLastName']) || isset($_POST['signupEmail']) || isset($_POST['signupPassword'])) { 

    echo $_POST['signupEmail']; 
    $mysqli = new mysqli('localhost', 'user1', 'password', 'db2'); 

    /* check connection */ 
    if (mysqli_connect_errno()) { 
     printf("Connect failed: %s\n", mysqli_connect_error()); 
     exit(); 
    } 

    $stmt = $mysqli->prepare("INSERT INTO members (First_Name, Last_Name, Email, Password) VALUES (?,?,?,?)"); 
    $stmt->bind_param('ssss', arr_get($_POST, 'signupFirstName'), arr_get($_POST, 'signupLastName'), arr_get($_POST, 'signupEmail'), arr_get($_POST, 'signupPassword')); 

    /* execute prepared statement */ 
    $stmt->execute(); 

    printf("%d Row inserted.\n", $stmt->affected_rows); 

    /* close statement and connection */ 
    $stmt->close(); 

    /* close connection */ 
    $mysqli->close(); 

} 
else { 
    echo "broken"; 
} 
?>

來源

2014-01-10 12:33:52

相關問題

 相關問題