成功登录后,我希望该函数保留user_id,以便用户可以更新数据库中的配置文件。在数据库中有两行称为catchphrase和interest。现在当我写东西时,它会创建一个user_id为0的新列。
我也得到了这个错误:注意:
中的数组到字符串转换/Applications/XAMPP/xamppfiles/htdocs/modul8B/models/profile_table_class.php on line 23
第23行是:
$data = array ($catchphrase, $interest, $image);
这里是插入代码:
class Profile_Table {
private $db;
public function __construct($pdo) {
$this->db = $pdo;
;
}
public function getProfileForUser($user_id){
$sql = "SELECT user_id, catchphrase, interest, image FROM user
WHERE user_id = ?";
$statement = $this->db->prepare($sql);
$data = array( $user_id);
$statement->execute($data);
//print_r($statement);
return $statement->fetchObject();
}
public function insertProfile($catchphrase, $interest, $image){
$sql = "INSERT INTO user (catchphrase, interest, image) values ('".$catchphrase."', '".$interest."', '".$image."')";
$statement = $this->db->prepare($sql);
$data = array ($catchphrase, $interest, $image);
$statement->execute ($data);
return $statement;
}
以及主页:
<?php
if ($siteVisitor->IsLoggedIn()) {
//echo "catchphrase = $catchphrase<br>";
include_once "models/profile_table_class.php";
$profiles = new Profile_Table($db);
$userId = $siteVisitor->getId();
$profileData = $profiles->getProfileForUser($userId);
//die();
$homeOutput = include_once 'views/loggedIn.php';
$homeOutput .= include_once "views/profile-list-html.php";
$profileIsSubmitted = isset($_POST['profile-submit']);
if ($profileIsSubmitted) {
$catchphrase = $_POST['catchphrase'];
$interest = $_POST['interest'];
$image = $_FILES['image'];
try {
$profiles->insertProfile($catchphrase, $interest, $image);
} catch (Exception $e) {
$errorDescription = $e;
echo $e;
}
}
return $homeOutput;
任何帮助表示感谢。
答案 0 :(得分:1)
对于getProfileForUser
方法,您正在使用user_id的参数:
user_id = ?
在insertProfile
方法中,你不是:
('".$catchphrase."', '".$interest."', '".$image."')
这是不一致的,不安全的
使用命名参数:name
将使您的代码更具可读性(更安全),因此如果您愿意,我建议您使用它们。
http://www.php.net/manual/en/pdostatement.bindparam.php
以下是代码:
public function getProfileForUser($user_id){
$sql = "SELECT user_id, catchphrase, interest, image FROM user WHERE user_id = :user_id";
$statement = $this->db->prepare($sql);
$parameters = array(
':user_id' => $user_id
);
$statement->execute($parameters);
return $statement->fetchObject();
}
public function insertProfile($catchphrase, $interest, $image){
$sql = "INSERT INTO user (catchphrase, interest, image) values (:catchprase, :interest, :image)";
$statement = $this->db->prepare($sql);
$parameters = array(
':catchprase' => $catchphrase,
':interest' => $interest,
':image' => $image
);
$statement->execute($parameters);
return $statement;
}
另一件事,不要上传数据库中的文件,我认为这会导致您的数组出现字符串错误,只上传对图像的引用并将文件移动到应用中的images目录:
if ($siteVisitor->IsLoggedIn()) {
include_once "models/profile_table_class.php";
$profiles = new Profile_Table($db);
$userId = $siteVisitor->getId();
$profileData = $profiles->getProfileForUser($userId);
//die();
$homeOutput = include_once 'views/loggedIn.php';
$homeOutput .= include_once "views/profile-list-html.php";
$profileIsSubmitted = isset($_POST['profile-submit']);
if ($profileIsSubmitted) {
$catchphrase = $_POST['catchphrase'];
$interest = $_POST['interest'];
$image_directory = '/uploads'; // destination folder
$image = $_FILES['image'];
$imageRef = '';
if ($image['error'] < 0) {
$image_tmp_name = $image['tmp_name'];
$image_name = $image['name'];
$imageRef = $image_directory .'/'. $image_name;
// Move the file: Source, destination
move_uploaded_file($image_tmp_name, $imageRef);
}
try {
$profiles->insertProfile($catchphrase, $interest, $imageRef);
} catch (Exception $e) {
$errorDescription = $e;
echo $e;
}
}
return $homeOutput;