1. 首页
  2. 问答
  3. 无法使用PDO将数据插入到数据库中

无法使用PDO将数据插入到数据库中

2013-10-24 104 views
0

经过消毒和验证后,可以正常工作。我试图将数据插入到我的数据库,但它口口声声说错误:“对不起,我们不能够正确地为您注册...笔芯形式”无法使用PDO将数据插入到数据库中

$qry = "INSERT INTO users (email, firstName, surname, userName, password, userDOB) values (?, ?, ?, ?, ?, ?)"; 

$q = $conn->prepare($qry) or die("ERROR: " . implode(":", $conn->errorInfo())); 

$q->bindParam(1, $email); 
$q->bindParam(2, $name); 
$q->bindParam(3, $surname); 
$q->bindParam(4, $username); 
$q->bindParam(5, $password); 
$q->bindParam(6, $userDOB); 

$q->execute(); 
if(!$q->execute()) { 
echo "<h1> Sorry, we were not able to sign you up... Refill the form properly </h1>"; 
} 
else { 
echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>"; 
}

任何帮助,这将使这项工作将不胜感激。

来源

2013-10-24 Yax Mokwa

+0

有没有错误?你应该赶上PDO例外,以获得更详细的错误报告 –

+0

http://stackoverflow.com/questions/3726505/how-to-squeeze-error-message-out-of-pdo –

+0

做一些像'.. 。} else {die($ conn :: errorInfo); }'所以DB可以告诉你错误是什么。固定的消息可以显示给最终用户,但是在调试时,除非它们也包含问题的实际细节,否则不要使用它们。 –

回答

0

不知道是否是问题所在,但是您要拨打​​两次。
无论如何,你唯一的问题是缺乏错误报告。启用它并运行每个运营商只有一次:

error_reporting(E_ALL); 
ini_set('display_errors', 1); 
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

$sql = "INSERT INTO users (email, firstName, surname, userName, password, userDOB) 
        values (?, ?, ?, ?, ?, ?)"; 
$stm = $conn->prepare($sql)); 
$stm->execute([$email,$name,$surname,$username,$password,$userDOB]); 
if ($stm->rowCount()) 
{ 
    echo "<h1> Sorry, we were not able to sign you up... Refill the form properly </h1>"; 
} else { 
    echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>"; 
}

来源

2013-10-24 18:16:23

0

谢谢你们一大堆。它的工作原理,但是这是写这段代码和避免SQL注入的最佳实践吗?

try { 
     $conn = new PDO('mysql:host=localhost; dbname=userdetails', 'root', ''); 
     $conn->setAttribute(PDO:: ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     echo 'Connected!'; 
    } 
catch(PDOException $pe) { 
     echo('Connection error, because: ' .$pe->getMessage()); 
    } 

//Insert data to Database if values are not empty and sanitized 
if (!empty($_POST["firstName"]) && !empty($_POST["surname"]) && !empty($_POST["email"]) 
&& !empty($_POST["userName"]) && !empty($_POST["password"]) && $dob_day > 0 && $dob_month > 0 && $dob_year > 0) 
{ 
    $qry = "INSERT INTO users (email, firstName, surname, userName, password, birthday) values (?, ?, ?, ?, ?, ?)"; 

    $q = $conn->prepare($qry) or die("ERROR: " . implode(":", $conn->errorInfo())); 

    $q->bindParam(1, $email); 
    $q->bindParam(2, $name); 
    $q->bindParam(3, $surname); 
    $q->bindParam(4, $username); 
    $q->bindParam(5, $password); 
    $q->bindParam(6, $userDOB); 

    try { 
    $q->execute(); 
       echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>"; 
    } 
    catch(PDOException $pe) { 
     echo('Connection error, because: ' .$pe->getMessage()); 
    } 
}

来源

2013-10-25 10:15:50

+0

是的,保护是好的,但错误报告和整体效率可能会更好。 –

+0

谢谢@YourCommonSense。 –

相关问题

 相关问题