php - PDO插入和执行

Question

首先，我的 mysql 知识非常有限，我决定尝试使用 PDO，因为我听说它使用起来更安全。话虽这么说，如果您在尝试帮助我时发现任何注入(inject)责任，请告诉我!无论如何，我对如何处理 PDO 查询的输出以及一般的执行有疑问...

我尝试做的第一件事是获取表单数据，并搜索数据库以查看是否有其他人具有相同的用户名或相同的电子邮件:

if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['password']) && !empty($_POST['password']) AND $_POST['password'] == $_POST['password2'] AND isset($_POST['email']) && !empty($_POST['email']) AND isset($_POST['year']) && !empty($_POST['year']) AND isset($_POST['termsandconditions']) && !empty($_POST['termsandconditions'])){
        $name = $_POST['name'];
            $password = $_POST['password'];
        $email = $_POST['email'];
        foreach ($_POST['year'] as $year);
        $termsandconditions = $_POST['termsandconditions'];

        $idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck");
        $idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20);
        $idqry->execute();

        $emailqry = $sql->prepare("SELECT id FROM users WHERE email = :idcheck");
        $emailqry->bindParam(':emailcheck', $email, PDO::PARAM_STR, 40);
        $emailqry->execute();

稍后，我尝试使用 PDO 查询检查重复的用户名/电子邮件并创建不同的条件:

if(!eregi("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.(edu)$", $email)){
        // Return Error - Invalid Email
        $msg = 'The email you have entered is invalid, please try again.<br />*NOTE: You must use a .edu email to be able to register!';
    }elseif($idqry != FALSE){
        $msg = "That username has already been used, please try another one.";
    }elseif($emailqry != FALSE){
        $msg = 'That email has already been used, <a class=statusmsg href="../recovery/">need to recover your password?</a>.';
    }else{
        $msg = 'Your account has been made, <br /> please verify it by clicking the activation link that has been sent to your email.';
        $hash = md5(rand(0,1000));
        $hashedpass = password_hash($password, PASSWORD_BCRYPT);



        $sqlinsert = $sql->prepare("INSERT INTO users (username, password, email, hash, year, termsandconditions) VALUES (:username, :password, :email, :hash, :year, :termsandconditions)");
        $sqlinsert->execute(array(
                            ':username' => $name,
                            ':password' => $hashedpass,
                            ':email' => $email,
                            ':hash' => $hash,
                            ':year' => $year,
                            ':termsandconditions' => $termsandconditions));
    }
}

当我尝试对此进行测试时，我总是得到“该用户名已被使用，请尝试另一个”的 $msg 输出。 (即使我输入了唯一的用户名)

你看到什么不对了吗？ 另外，是否可以绑定(bind)参数数据库插入？ 谢谢!

Answer 1

我认为你正在尝试做的是这个。

$idqry = $sql->prepare("SELECT id FROM users WHERE username = :idcheck");
$idqry->bindParam(':idcheck', $name, PDO::PARAM_STR,20);
$idqry->execute();
//This is how you get the number of rows returned
$rowCount = $idqry->rowCount();

if ($rowCount > 0){
echo 'user name taken';
}else{
echo 'user name available';
}

我相信你可以解决剩下的问题:)