drnxnbf199049 2013-03-01 04:35 采纳率: 100%
浏览 43
已采纳

我目前正在尝试使用Prepared Statements创建注册页面,失败 - >准备

I'm currently trying to make a registration page using Prepared Statements, fails on ->prepare

I keep ending up at the else statement Something Went Wrong, I just don't know what's wrong, also for some reason since going from mysqli_query to these prepared statements it seems like no errors are being echo'd ( normally I'd get a white page with some mysql error on it but nothing now, is that a php.ini problem? And could anybody tell me just how 'secure' my code is from injections and what not? Thanks.

Update 1:

Added the closing bracket on the ->prepare now I'm getting this error

[Thu Feb 28 21:40:00 2013] [error] [client 68.150.102.145] PHP Fatal error: Cannot pass parameter 6 by reference in /var/www/busapp/register.php on line 25

<?php
if (isset($_POST['submit'])) {

    $email = $_POST['inputEmail'];
    $firstname = $_POST['inputFirstName'];
    $lastname = $_POST['inputLastName'];
    $originalpassword = SHA1($_POST['inputOriginalPassword']);
    $confirmpassword = SHA1($_POST['inputConfirmPassword']);
    $createdip = $_SERVER['REMOTE_ADDR'];

    require_once('connectdb.php');

    /* Connect to the database */

    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_BASE);
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s
", mysqli_connect_error());
        exit();
    }

    if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
                                 values(?, ?, ?, ?, ?, ?, ?, ?")) {
        /* Bind our params */

        $stmt->bind_param('ssssiiss', $firstname, $lastname, $email, $originalpassword, 0, 0, $createdip, NOW());

        /* Execute statement */

            $stmt -> execute();
            $alert = '<p class="alert-success">Account created, check your email for an activation link.</p>';

            $mysqli -> close();
            $stmt -> close();
    } else {
            $alert = '<p class="alert-error"> Something went wrong </p>';
            $mysqli -> close();
    }
}
require_once('navbar.php');
?>
<div class="container" style="padding-top: 35px; padding-bottom: 50px;">
<form class="form-signin" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
    <h2 class="form-signin-heading">Please Register</h2>
    <input type="text" class="input-block-level" placeholder="Email Address" name="inputEmail">
    <input type="text" class="input-block-level" placeholder="First Name" name="inputFirstName">
    <input type="text" class="input-block-level" placeholder="Last Name" name="inputLastName">
    <input type="password" class="input-block-level" placeholder="Password" name="inputOriginalPassword">
    <input type="password" class="input-block-level" placeholder="Confirm Password" name="inputConfirmPassword">
    <?php echo $alert; ?>
    <button type="submit" name="submit" class="btn btn-info">Register</button>
</form>
</div>


<?php require_once('footer.php'); ?>
  • 写回答

2条回答 默认 最新

  • dqn8235 2013-03-01 04:52
    关注

    Try this:

    if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
                                 values(?, ?, ?, ?, 0, 0, ?, NOW())")) {
    /* Bind our params */
    $stmt->bind_param('sssss', $firstname, $lastname, $email, $originalpassword, $createdip);

    //rest of your code

    Besides the left out parenthesis, you don't need to bind NOW() and two const values 0.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)
  • ¥15 AIC3204的示例代码有吗,想用AIC3204测量血氧,找不到相关的代码。