0

我有一个用户注册脚本,除了 PDO 准备好的语句不会将值插入数据库之外,它都可以正常工作。该脚本没有返回错误。MySQL 用户确实拥有我正在执行的操作的权限。

Signup.php :

echo "<?xml version=\"1.0\" ?>";

if(isset($_POST['email'], $_POST['username'], $_POST['p'], $_POST['fname'], $_POST['lname'], $_POST['gender'])) {

foreach ($_POST as $entry) {
    strip_tags($entry);
}

if(strlen($_POST['email']) < 1) {
    echo "<response>Please enter an email address!</response>";
    exit();
}

if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    echo "<response>Please enter a valid email address!</response>";
    exit();
}

if(strlen($_POST['p']) < 6) {
    echo "<response>Please enter a password that is longer than 6 characters!</response>";
    exit();
}

if(strlen($_POST['username']) < 5 || strlen($_POST['username']) > 30) {
    echo "<response>Please enter a username that is between 5 and 30 characters in length!</response>";
    exit();
}

if(strlen($_POST['fname']) < 1 || strlen($_POST['lname']) < 1) {
    echo "<response>Please enter a name!</response>";
    exit();
}

if(strlen($_POST['gender']) < 1) {
    echo "<response>Please select your gender!</response>";
    exit();
}

//if(strlen($_POST['recaptcha_response_field']) < 1) {
//  echo "<response>Please answer the Captcha!</response>";
//  exit();
//}

if($_POST['gender'] === "Male") {
    $_POST['gender'] = "m";
} else {
    $_POST['gender'] = "f";
}

//$recaptcha_response = null;
//$recaptcha_error = null;

//$recaptcha_response = recaptcha_check_answer($recaptcha_private_key, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);

//if($recaptcha_response->is_valid) {

    $salt = hash("sha512", uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = $_POST['p'];
    $password = hash("sha512", $password.$salt);

    $info = array(

        "email" => $_POST['email'],
        "password" => $password,
        "salt" => $salt,
        "username" => $_POST['username'],
        "fname" => $_POST['fname'],
        "lname" => $_POST['lname'],
        "gender" => $_POST['gender']

    );

    if(register($info, $database) === true) {

        echo "<response>Registration Successfull! Please check your inbox for an activation email!</response>";

        exit();

    }

//} else {

//  echo "<response>Incorrect Captcha! Please click the reCaptcha refresh button and try again!</response>";

//  exit();

//}

} else {

echo "<response>Invalid Sign-Up Request!</response>";

exit();

}

寄存器()函数:

function register($info, $database) {

try {

    $query = $database -> prepare("SELECT email FROM members WHERE email = :email LIMIT 1");

    $query -> execute(

        array(

            ":email" => $info['email']

        )

    );

    $result = $query -> fetch();
    $result = $result[1];

    if(strlen($result) > 0) {

        echo "<response>Email already in use!</response>";

        exit();

    } else {

        $query = $database -> prepare("SELECT username FROM members WHERE username = :username LIMIT 1");

        $query -> execute(

            array(

                ":username" => $info['username']

            )

        );

        $result = $query -> fetch();
        $result = $result[1];

        if(strlen($result) > 0) {

            echo "<response>Username already in use!</response>";

            exit();

        } else {

            $query = $database -> prepare("SELECT password FROM members WHERE password = :password LIMIT 1");

            $query -> execute(

                array(

                    ":password" => $info['password']

                )

            );

            $result = $query -> fetch();
            $result = $result[1];

            if(strlen($result) > 0) {

                echo "<response>Password already in use!</response>";

                exit();

            } else {

                $time = time();

                /*
                * This is where it isn't working
                */

                $query = $database -> prepare("INSERT INTO members (email, password, salt, username, first_name, last_name, signup, last_login, gender) VALUES (:email, :password, :salt, :username, :fname, :lname, :signup, :last_login, :gender)");

                $query -> execute(

                    array(

                        ":email"            => $info['email'],
                        ":password"    => $info['password'],
                        ":salt"               => $info['salt'],
                        ":username"  => $info['username'],
                        ":fname"          => $info['fname'],
                        ":lname"          => $info['lname'],
                        ":signup"         => $time,
                        ":last_login"   => $time,
                        ":gender"        => $info['gender']

                    )

                ) or die(print_r($query->errorInfo(), true));

                $rc = hash("sha512", uniqid(mt_rand(1, mt_getrandmax()), true));

                $query = $database -> prepare("SELECT id FROM members WHERE email = :email LIMIT 1");

                $query -> execute(

                    array(

                        ":email" => $info['email']

                    )

                );

                $user_id = $query -> fetch();

                $query = $database -> prepare("INSERT INTO regcodes (user_id, reg_code) VALUES (:id, :rc)");

                $query -> execute(

                    array(

                        ":id" => $user_id['id'],
                        ":rc" => $rc

                    )

                );

                mail($info['email'], "Activate your account for Code-Cluster!", "Please click the following link to activate your account for Code-Cluster!\r\n http://www.ablp.x10.mx/code-cluster/activate.php?rc=".$rc);

                return true;

                exit();

            }

        }

    }

} catch(PDOException $e) {

    echo "<response>An error occured whilst creating your account! An email has been sent to tech support!</response>";

    mail("admin@codecluster.x10.mx", "Code-Cluster Sign-Up Error", "Sign-Up Error; Timestamp @ " . date() . " ; IP Address : " . $_SERVER['REMOTE_ADDR'] . " ;\r\n" . $e);

    exit();

}

}

这是数据库结构: 数据库结构

4

1 回答 1

0

它应该是:email而不只是email在数组中。

array(
        ":email" => $info['email']
     )

对于所有其他execute()呼叫也是如此。

于 2013-02-19T03:57:11.190 回答