Question

我试图弄清楚为什么我的代码不起作用。我在布尔＆＃34;上得到＆＃34;调用成员函数execute（）这应该表明我犯了一个SQL错误。虽然我不确定它是什么。我一直在看其他帖子，但它们对我来说并不是很有用。对不起，如果它是重复的。

if(isset($_POST["signup"])) {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING)
      or die('Error: missing username');
$email = filter_input(INPUT_POST, 'email')
     or die('Error: missing email');
$password = filter_input(INPUT_POST, 'password')
     or die('Error: missing password');

$sql = $db->prepare('SELECT username, email FROM wyvern_user WHERE 
username=?, email=?');
$sql->execute();
$sql->bind_result($username, $email);
while($stmt->fetch()) {
if($username && $email > 1) {
echo "User Already in Exists<br/>";
} else {
$query = $db->prepare("INSERT INTO wyvern_user (username, email, password) 
VALUES(?, ?, ?)");
$query->bind_param('sss', $username, $email, $password);
$query->execute();
echo "Account created";}
}
}

这是我的形式，如果它有所作为。

    <form class="theform" action="signup.php" method="post">
    <p>Register as user:</p><br>
    Username<span>*</span><input type="text" name="username" value="" 
    placeholder="username"><br><br>
    Email<span>*</span> <input type="email" name="email" value="" 
    placeholder="email"><br><br>
    Password<span>*</span><input type="password" name="password" 
    value="" placeholder="password"><br><br>
    <input type="submit" name="signup" value="signup"><br><br>
    </form>

Answer 1

您的SQL语法不正确。在执行之前，您需要bind parameters to your statement，如果您不使用查询结果，则无需获取查询结果。也许这会奏效：

<?php
if(isset($_POST["signup"])) {
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING)
        or die('Error: missing username');
    $email = filter_input(INPUT_POST, 'email')
        or die('Error: missing email');
    $password = filter_input(INPUT_POST, 'password')
        or die('Error: missing password');

    $sql = $db->prepare('SELECT username, email FROM wyvern_user WHERE username=? AND email=?');
    if (!$sql) {
        die("Database error: $db->error");
    }
    $sql->bind_param("ss", $username, $email);
    $sql->execute();
    if ($sql->num_rows) {
        echo "User already exists<br/>";
    } else {
        $query = $db->prepare("INSERT INTO wyvern_user (username, email, password) VALUES(?, ?, ?)");
        $query->bind_param('sss', $username, $email, $password);
        $query->execute();
        echo "Account created";
    }
}

不确定您的filter_input()功能在做什么，但在使用预准备语句时您不需要进行任何清理。您可以使用filter_var()和FILTER_VALIDATE_EMAIL来检查电子邮件地址。

试图检查它是否已存在用户名和电子邮件

1 个答案: