0

我正在使用 PDO 创建用户注册系统,并尝试将用户表单数据插入数据库表中。很简单,但是错误的值被输入到数据库中。输入到数据库中的值是:username、:password、:email_address、:city 等,而不是从我的表单传递给函数的值。关于我做错了什么的任何想法?我尝试使用 bindParam 和 bindValue 但结果相似,并且根据其他帖子我得出结论,使用数组是最好的方法。帮助!

    function add_user($username, $password, $email, $fName, $lName, $address, $city, $state, $zip, $phone ) {
global $db;
$sql = "INSERT INTO alumni_user_info 
        (username, password, email_address, first, last, address, city, state, zip_code, phone)
        VALUES
        (':username', ':password', ':email_address', ':first', ':last', ':address', ':city', ':state', ':zip_code', ':phone')";

$sth = $db->prepare($sql);      

$result = $sth -> execute(array(':username' => $username, ':password' => $password, ':email_address' => $email, ':first' => $fName, ':last' => $lName, ':address' => $address, ':city' => $city, ':state' => $state, ':zip_code' => $zip, ':phone' => $phone)); 


if ($sth->execute()) {
$success = "Registration successful";
return $success;

} else {
var_dump($result->errorInfo());
$success = "Registration failed";
return $success;
}
4

1 回答 1

3

不要对参数使用引号。它将被转义,因为您已经在绑定参数。

$sql = "INSERT INTO alumni_user_info 
    (username, password, email_address, first, last, address, city, state, zip_code, phone)
    VALUES
    (:username, :password, :email_address, :first, :last, :address, :city, :state, :zip_code, :phone)";

如果您执行类似这样的操作, ':username'PDO 会将其视为字符串。

于 2013-11-02T23:06:40.843 回答