0

我对 php/sql 相当陌生,但我对此做了很多研究,直到我决定寻求帮助。

基本上我试图将新的用户名/电子邮件/密码/盐插入 MySQL5 数据库。这是我的测试 register.php,只有一个回声:

include 'dbcxn.php';

$usr = $_POST['user'];
$mail = $_POST['mail'];
$pwd = $_POST['p'];
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$password = hash('sha512', $pwd.$random_salt);

$insert_stmt = DB::cxn()->prepare("INSERT INTO members (username, email, password, salt) VALUES ($usr, $mail, $password, $random_salt)");
echo $insert_stmt->param_count." parameters\n";

我尝试只使用“$insert_stmt = $mysqli->prepare”,同样的事情发生了。所以我做了类数据库。如果有帮助,这是我的 dbcxn.php:

define("HOST", "");
define("USER", "");
define("PASSWORD", "");
define("DATABASE", "");
define("PORT", "");

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE, PORT);

class DB {
private static $mysqls;
private function __construct(){}

static function cxn() {
    if( !self::$mysqls ) {
        self::$mysqls = new mysqli(HOST, USER, PASSWORD, DATABASE, PORT);
    }
    return self::$mysqls;
}
}

不知道还有什么可以尝试并且需要睡觉:)。提前感谢您的任何建议。

4

2 回答 2

1

您的主要问题是您的字符串根本没有转义。

mysqli::prepare() 用于准备好的查询。为了使这项工作成功,您应该将查询更改为:

$insert_stmt = DB::cxn()->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)");
$insert_stmt->bind_param('ssss', $usr, $mail, $password, $random_salt);
$insert_stmt->execute();

You can read up on the bind_param at http://www.php.net/manual/en/mysqli-stmt.bind-param.php for more information, and an explanation on that first parameter ('s' signifying a string value, there are 4 here because you're inserting 4 string values).

于 2012-08-11T09:20:54.543 回答
0

Your SQL has syntax error. What you get is something like: INSERT INTO members (username, email, password, salt) VALUES (username, test@test.test, mypassword, lkjlk21j3lkjsdclksdmfl3i4)

You may want this:

INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)

于 2012-08-11T09:23:05.237 回答