大家好,我已经编写了这个注册页面脚本,我想将用户信息注册到数据库中,但我试图通过使用带有 oop 语法的准备好的插入语句来安全地执行此操作,但不确定我是否这样做正确,因为当我注册虚拟时数据,它不会将任何内容放入数据库中。
index.php页面
<!DOCTYPE html>
<html>
<head>
<title>Registration form</title>
<link rel="stylesheet" type="text/css" href="regisform.css">
</head>
<body>
<div id="form">
<div id="header"><h2>Registration Form</h2></div>
<form method="post" action="process.php">
<label>Username:</label>
<input type="text" name="username" placeholder="Enter a Username please" required="required" />
<label>Email:</label>
<input type="text" name="email" placeholder="Enter your email please" required="required" />
<label>Password:</label>
<input type="text" name="password" placeholder="Enter a Password please" required="required" />
<input type="submit" name="signup" value="Sign up"/>
</form>
</div>
</body>
</html>
<?php
include "process.php";
$db = new db();
if(isset($_POST['signup'])) {
$user = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$query = "INSERT INTO users (user_name, user_email, user_pass) VALUES (?, ?, ?)";
$run = $db->insert($query);
$run->bind_param('sss', $user, $email, $password);
$run->execute();
$run->close();
}
?>
process.php页面
<?php
class db {
public $host = "localhost";
public $user = "root";
public $pass = "";
public $db_name = "pros";
public $link;
public function __construct(){
$this->connect();
}
private function connect() {
$this->link = new mysqli($this->host, $this->user, $this->pass, $this->db_name);
}
public function insert ($query) {
$result = $this->link->prepare($query);
if($result){
echo "<center><h2>Registration Successfull!</h2></center>";
}
else
{
echo "<center><h2>Registration failed!</h2></center>";
}
return $result;
}
}
?>
最佳答案
我会使用一个函数或方法来完成所有插入
public function insert_new_user($username, $email, $password){
$mysqli = $this->link;
$sql = "INSERT INTO users"
. " (user_name, user_email, user_pass)"
. " VALUES (?, ?, ?)";
$stmt = $mysqli->prepare( $sql );
$stmt->bind_param("sss", $username, $email, $password );
if($stmt->execute()){
return "success";
} else {
return "failed: " . $mysqli->error;
}
}
关于php - 这是在 oop php 中使用准备好的插入语句的正确方法吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38256386/