dpdhnd3577
2016-05-22 01:29
浏览 48
已采纳

PHP pdo插入查询不起作用

<?php
// DATABASE-HOSTNAME-OR-IPADDRESS-GOES-HERE
// MYSQL-DBNAME-GOES-HERE
class LoginHandler {
    public $dbHostname = 'localhost';
    public $dbDatabaseName = 'employee101';
    public $user = 'root';
    public $password = 'root';
    public function handleRequest($arg) {
        $username = '123';
        $password2 = '123';
        $fname = 'John';
        $lname = 'Doe';
        $age = '18';
        if ( ! $username ) {
            $this->fail();
            return;
        }
        try  {
            $dsn = "mysql:dbname={$this->dbDatabaseName};host={$this->dbHostname};port=8888";
            $pdo = new PDO($dsn, $this->user, $this->password);
            $sql="SELECT * FROM `employee_data` WHERE `username`='$username'";
            $stmt = $pdo->query($sql);
            if ( $stmt === false ) {
                echo "DB Critical Error";
                return;
            }
            elseif ( $stmt->rowCount() > 0 ) {
                echo "user already exists";
                return;
            }
            else {
                echo "User created";
                $sql = "INSERT INTO employee_data (name, sumame, age, username, password)
                VALUES ($fname, $lname, $age, $username, $password2)";
                $dsn = "mysql:dbname={$this->dbDatabaseName};host={$this->dbHostname};port=8888";

                $pdo = new PDO($dsn, $this->user, $this->password);
                $stmtz = $pdo->prepare($sql);

                $stmtz->bindParam($fname, $_POST[$fname], PDO::PARAM_STR);
                $stmtz->bindParam($lname, $_POST[$lname], PDO::PARAM_STR);
                $stmtz->bindParam($age, $_POST[$age], PDO::PARAM_STR);
                $stmtz->bindParam($username, $_POST[$username], PDO::PARAM_STR);
                $stmtz->bindParam($password2, $_POST[$password2], PDO::PARAM_STR);

                $resultzzx = $stmtz->execute();
                return;
            }
        }
        catch(PDOException $e) {
            $this->log('Connection failed: ' . $e->getMessage());
            echo "DB Critical Error";
        }
    }
    function log($msg) {
        file_put_contents("login.log", strftime('%Y-%m-%d %T ') . "$msg
", FILE_APPEND);
    }
}
$handler = new LoginHandler();
$handler->handleRequest($_POST);
?>

When attempting to use this script above, I get the echo that the user was created, but even when refreshing the table, the new entry doesn't show up.

Now, if i change the values line to be the following, it will work and show the new entry.

('John', 'Doe', '18', $username, $password2)";

What am i doing wrong? I need the first name, last name and age entries to not be concrete, as i will be obtaining them from a POST on my android device. The whole purpose of this script is to create the user and it's records if it doesn't already exist.

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongpao1926 2016-05-22 02:03
    已采纳

    You have various mistakes.

    1) You are not binding your parameters correctly. To bind them correctly, you place a :variablename in the position you want to include the variable. Usually the "variablename" should be the same as the one you are obtaining from the $_POST superglobal so that the code is cleaner and more readable.

    2) You are not obtaining the values from the $_POST superglobal correctly. The key values you place inside are strings, and by placing an empty $fname variable, you are not going to obtain a correct result. It would only work if you had coding saying $fname = 'fname' somewhere up top hidden from us, however that code itself would be unadvised since it is unnecessary and only makes the source code larger.

    $sql = "INSERT INTO employee_data (name, sumame, age, username, password)
    VALUES (:fname, :lname, :age, :username, :password2)";
    
    $dsn = "mysql:dbname={$this->dbDatabaseName};host=
    {$this>dbHostname};port=8888";
    
    $pdo = new PDO($dsn, $this->user, $this->password);
    
    $stmtz = $pdo->prepare($sql);
    
    $stmtz->bindParam(':fname', $_POST['fname']);
    $stmtz->bindParam(':lname', $_POST['lname']);
    $stmtz->bindParam(':age', $_POST['age']);
    $stmtz->bindParam(':username', $_POST['username']);
    $stmtz->bindParam(':password2', $_POST['password2']);
    

    I hope that helps.

    打赏 评论
  • dongwei1855 2016-05-22 01:48
     $sql = "INSERT INTO employee_data (name, sumame, age, username, password) VALUES (:name, :sumame, :age, :username, :password)";
                    $dsn = "mysql:dbname={$this->dbDatabaseName};host={$this->dbHostname};port=8888";
    
                    $pdo = new PDO($dsn, $this->user, $this->password);
                    $stmtz = $pdo->prepare($sql);
                    $stmtz->bindParam(':name', $fname);
                    $stmtz->bindParam(':sumame', $lname);
                    $stmtz->bindParam(':age', $age);
                    $stmtz->bindParam(':username', $username);
                    $stmtz->bindParam(':password', $password2);
                    $resultzzx = $stmtz->execute();
                    return;
    

    After reviewing the link Fred posted in the comment above, i've modified it to work fine, thanks.

    打赏 评论

相关推荐 更多相似问题