0

我目前正在尝试使用 Prepared Statements 创建注册页面,但在 ->prepare 上失败

我一直在 else 语句结束Something Went Wrong,我只是不知道出了什么问题,也是出于某种原因,因为从 mysqli_query 到这些准备好的语句,似乎没有错误被回显(通常我会得到一个白页上面有一些 mysql 错误,但现在什么也没有,这是一个php.ini问题吗?有人能告诉我我的代码对注入有多“安全”吗?谢谢。

更新1:

在 ->prepare 上添加了右括号,现在我收到此错误

[Thu Feb 28 21:40:00 2013] [error] [client 68.150.102.145] PHP Fatal error: Cannot pass parameter 6 by reference in /var/www/busapp/register.php on line 25

<?php
if (isset($_POST['submit'])) {

    $email = $_POST['inputEmail'];
    $firstname = $_POST['inputFirstName'];
    $lastname = $_POST['inputLastName'];
    $originalpassword = SHA1($_POST['inputOriginalPassword']);
    $confirmpassword = SHA1($_POST['inputConfirmPassword']);
    $createdip = $_SERVER['REMOTE_ADDR'];

    require_once('connectdb.php');

    /* Connect to the database */

    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_BASE);
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
                                 values(?, ?, ?, ?, ?, ?, ?, ?")) {
        /* Bind our params */

        $stmt->bind_param('ssssiiss', $firstname, $lastname, $email, $originalpassword, 0, 0, $createdip, NOW());

        /* Execute statement */

            $stmt -> execute();
            $alert = '<p class="alert-success">Account created, check your email for an activation link.</p>';

            $mysqli -> close();
            $stmt -> close();
    } else {
            $alert = '<p class="alert-error"> Something went wrong </p>';
            $mysqli -> close();
    }
}
require_once('navbar.php');
?>
<div class="container" style="padding-top: 35px; padding-bottom: 50px;">
<form class="form-signin" method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
    <h2 class="form-signin-heading">Please Register</h2>
    <input type="text" class="input-block-level" placeholder="Email Address" name="inputEmail">
    <input type="text" class="input-block-level" placeholder="First Name" name="inputFirstName">
    <input type="text" class="input-block-level" placeholder="Last Name" name="inputLastName">
    <input type="password" class="input-block-level" placeholder="Password" name="inputOriginalPassword">
    <input type="password" class="input-block-level" placeholder="Confirm Password" name="inputConfirmPassword">
    <?php echo $alert; ?>
    <button type="submit" name="submit" class="btn btn-info">Register</button>
</form>
</div>


<?php require_once('footer.php'); ?>
4

2 回答 2

0

使用下面的代码,您的查询是错误的。

if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
                             values(?, ?, ?, ?, ?, ?, ?, ?)"))
                                                          ^ // you forgot ) here
于 2013-03-01T04:37:19.973 回答
0

试试这个:

if ($stmt = $mysqli->prepare("INSERT INTO Users (Firstname, Lastname, Email, Password, Admin, Activated, CreatedIP, Datecreated)
                                 values(?, ?, ?, ?, 0, 0, ?, NOW())")) {
    /* Bind our params */
    $stmt->bind_param('sssss', $firstname, $lastname, $email, $originalpassword, $createdip);

//剩下的代码

除了左括号外,您不需要绑定NOW()两个 const 值0

于 2013-03-01T04:52:04.373 回答