bindValue上的错误
bindValue上的错误
提问于 2015-12-15 11:41:00
我已经浏览过互联网,但无法找到和理解提供的任何解决方案。
基本上,我创建了(或者更确切地说是从Internet复制了一些脚本),并尝试在脚本上工作以创建一个注册页面。我正在使用PHP、Mysql和XAMPP。连接已经很好了。我测试了一些基本表单上的数据输入,等等。
但我的问题是,在我处理完脚本之后,我设法将数据插入到表(peekdoordb)...all (散列和验证表单worked..except )中,即使数据错误或字段为空,表单仍然会将数据提交到DB。在我又乱了一次之后,问题就出现了。错误出现在“$stmt->bindValue(':name', $name);”上
我一直在浏览器上看到这个错误;
注意:未定义变量:第194行C:\xampp\htdocs\eventsite\TMP1kjqc3x.php中的stmt
和
致命错误:对第194行中的非对象的成员函数bindValue()的调用
registration.php (注册页面)包含两个文件,它们分别是connect.php和password.php,但我从未对这两个文件做任何修改,因为在此之前,只能提交数据,问题是表单,数据一直插入DB中,就像我前面提到的那样。但现在的主要问题是这个错误。
<?php
//register.php
/**
* Start the session.
*/
session_start();
//Include password_compat library.
require 'lib/password.php';
//Include MySQL connection.
require 'connect.php';
//define variables and define to null.
$nameError = $telnoError = $usernameError = $passwordError ="";
$name = $telno = $username = $pass = "";
//Retrieve the field values from registration form.
$name = !empty($_POST ['name']) ? trim($_POST['name']) : null ;
$telno = !empty ($_POST ['telno']) ? trim($_POST['telno']) : null;
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$pass = !empty($_POST['password']) ? trim($_POST['password']) : null;
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$formValid = true; // Boolean - Set to true b4 validating
//If the POST var "register" exists ( the submit button), then I can
//assume that the user has submitted the registration form.
if(isset($_POST['register'])){
//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.
//Now, we need to check if the supplied username already exists.
//Construct the SQL statement and prepare it.
if (empty($_POST["name"])) {
$nameError = "Name is required";
}else {
$name = test_input($_POST["name"]);
// check name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameError = "Only letters and white space allowed";
}
}
if (empty($_POST["telno"])) {
$telnoError = "Tel number is required";
} else {
$telno = test_input($_POST["telno"]);
// check if e-mail address syntax is valid or not
if (!preg_match("/^[a-zA-Z ]*$/",$telno)) {
$telnoError = "Invalid tel no format";
}
}
if (empty($_POST["username"])) {
$usernameError = "username is required";
} else {
$username = test_input($_POST["username"]);
// check name only contains letters and email syntax
if (!preg_match("/^[a-zA-Z ]*$/",$username)) {
$usernameError = "Only letters and email syntax required";
}
}
if (empty($_POST["password"])) {
$passwordError = "passworde is required";
} else {
$pass = test_input($_POST["password"]);
// check name only contains letters and email syntax
if (!preg_match("/^[a-zA-Z ]*$/",$pass)) {
$passwordError = "Only password letter syntax";
}
}
//*******************************************************************
$sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
$stmt = $pdo->prepare($sql);
//Bind the provided username to our prepared statement.
$stmt->bindValue(':username', $username);
//Execute.
$stmt->execute();
//Fetch the row.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
if($row['num'] > 0){
die('That username already exists!');
}
//Hash the password as we do NOT want to store our passwords in plain text.
$passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
}
//If the signup process is successful.
elseif($formValid){
//******************************ppppp
//Bind our variables.
$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);
$stmt = $pdo->prepare($sql);
//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";
//Execute the statement and insert the new account.
$result = $stmt->execute();
//What you do here is up to you!
echo 'Thank you for registering with our website.';
}
else {
die('something wrong!');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Register</title>
<style type="text/css">
.lucida {
font-family: "MS Serif", "New York", serif;
}
body form table {
font-weight: bold;
}
</style>
</head>
<body>
<h1> </h1>
<h1> </h1>
<h1 align="center"> Register</h1>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<div align="center">
<table width="800" border="0">
<tr>
<td width="404" class="lucida"><div align="right">Name :</div></td>
<td width="386"><input class="input" name="name" type="text" value="<?PHP print $name ; ?>">
<span class="error">* <?php echo $nameError;?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Contact Number :</div></td>
<td><input class="input" name="telno" type="text" value="<?PHP print $telno ; ?>">
<span class="error">* <?php echo $telnoError;?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Email (Username) :</div></td>
<td><input class="input" name="username" type="text" value="<?PHP print $username ; ?>">
<span class="error">* <?php echo $usernameError;?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Password :</div></td>
<td><input class="input" name="password" type="text" value="">
<span class="error">* <?php echo $passwordError;?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right"></div></td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td> </td>
</tr>
</table>
<input type="submit" name="register" value="Register">
<br>
</div>
</button>
</form>
</body>
</html>回答 2
Stack Overflow用户
回答已采纳
发布于 2015-12-15 11:52:57
试试这个-
//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);
//Execute the statement and insert the new account.
$stmt->execute();在语句bindValue之前有prepare,因此您将得到这个错误。可以在prepare变量下面对语句进行绑定,然后绑定值。这是对我有用的。
更新应答
<?php
//register.php
/**
* Start the session.
*/
session_start();
//Include password_compat library.
require 'lib/password.php';
//Include MySQL connection.
require 'connect.php';
//define variables and define to null.
$nameError = $telnoError = $usernameError = $passwordError = "";
$name = $telno = $username = $pass = "";
//Retrieve the field values from registration form.
$name = !empty($_POST ['name']) ? trim($_POST['name']) : null;
$telno = !empty($_POST ['telno']) ? trim($_POST['telno']) : null;
$username = !empty($_POST['username']) ? trim($_POST['username']) : null;
$pass = !empty($_POST['password']) ? trim($_POST['password']) : null;
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$formValid = true; // Boolean - Set to true b4 validating
//If the POST var "register" exists ( the submit button), then I can
//assume that the user has submitted the registration form.
if (isset($_POST['register'])) {
//TO ADD: Error checking (username characters, password length, etc).
//Basically, you will need to add your own error checking BEFORE
//the prepared statement is built and executed.
//Now, we need to check if the supplied username already exists.
//Construct the SQL statement and prepare it.
if (empty($_POST["name"])) {
$nameError = "Name is required";
$formValid = false;
} else {
$name = test_input($_POST["name"]);
// check name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
$nameError = "Only letters and white space allowed";
$formValid = false;
}
}
if (empty($_POST["telno"])) {
$telnoError = "Tel number is required";
$formValid = false;
} else {
$telno = test_input($_POST["telno"]);
// check if e-mail address syntax is valid or not
if (!preg_match("/^[a-zA-Z ]*$/", $telno)) {
$telnoError = "Invalid tel no format";
$formValid = false;
}
}
if (empty($_POST["username"])) {
$usernameError = "username is required";
$formValid = false;
} else {
$username = test_input($_POST["username"]);
// check name only contains letters and email syntax
if (!preg_match("/^[a-zA-Z ]*$/", $username)) {
$usernameError = "Only letters and email syntax required";
$formValid = false;
}
}
if (empty($_POST["password"])) {
$passwordError = "passworde is required";
$formValid = false;
} else {
$pass = test_input($_POST["password"]);
// check name only contains letters and email syntax
if (!preg_match("/^[a-zA-Z ]*$/", $pass)) {
$passwordError = "Only password letter syntax";
$formValid = false;
}
}
//*******************************************************************
$sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
$stmt = $pdo->prepare($sql);
//Bind the provided username to our prepared statement.
$stmt->bindValue(':username', $username);
//Execute.
$stmt->execute();
//Fetch the row.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//If the provided username already exists - display error.
//TO ADD - Your own method of handling this error. For example purposes,
//I'm just going to kill the script completely, as error handling is outside
//the scope of this tutorial.
if ($row['num'] > 0) {
$usernameError = 'That username already exists!';
$formValid = false;
}
//Hash the password as we do NOT want to store our passwords in plain text.
$passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
//$passwordHash = $pass;
if ($formValid) {
//******************************ppppp
//Bind our variables.
//Prepare our INSERT statement.
//Remember: We are inserting a new row into our users table.
$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);
//Execute the statement and insert the new account.
$result = $stmt->execute();
//What you do here is up to you!
echo 'Thank you for registering with our website.';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Register</title>
<style type="text/css">
.lucida {
font-family: "MS Serif", "New York", serif;
}
body form table {
font-weight: bold;
}
</style>
</head>
<body>
<h1> </h1>
<h1> </h1>
<h1 align="center"> Register</h1>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div align="center">
<table width="800" border="0">
<tr>
<td width="404" class="lucida"><div align="right">Name :</div></td>
<td width="386"><input class="input" name="name" type="text" value="<?PHP print $name; ?>">
<span class="error">* <?php echo $nameError; ?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Contact Number :</div></td>
<td><input class="input" name="telno" type="text" value="<?PHP print $telno; ?>">
<span class="error">* <?php echo $telnoError; ?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Email (Username) :</div></td>
<td><input class="input" name="username" type="text" value="<?PHP print $username; ?>">
<span class="error">* <?php echo $usernameError; ?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right">Password :</div></td>
<td><input class="input" name="password" type="text" value="">
<span class="error">* <?php echo $passwordError; ?></span></td>
</tr>
<tr>
<td class="lucida"><div align="right"></div></td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td><div align="right"></div></td>
<td> </td>
</tr>
</table>
<input type="submit" name="register" value="Register">
<br>
</div>
</button>
</form>
</body>
</html>Stack Overflow用户
发布于 2015-12-15 12:07:16
即使数据错误或字段为空,表单仍会将数据提交到数据库中。
您正在错误的地方检查$formValid。你的条件可以概括如下:
$formValid = true;
if (isset($_POST['register'])) {
} else if ($formValid) {
} else { ...如上所述,如果没有设置$_POST['register'] (例如,在加载注册表单时),您的代码将执行第二个if语句中的任何内容。您的条件结构应进行修改,以便在第一个条件中包括表单有效性检查:
$formValid = true;
if (isset($_POST['register'])) {
// validation stuff goes here
if ($formValid) {
//database insert goes here
}
else {
//invalid data. Tell the user
}
}另外,您应该假定来自用户的任何数据都是无效的,除非另有证明,即$formValid最初应该是false。
注意:未定义变量: C:\xampp\htdocs\eventsite\TMP1kjqc3x.php中第19行的stmt,致命错误:调用第194行C:\xampp\htdocs\eventsite\TMP1kjqc3x.php中非对象上的成员函数bindValue()。
您正在尝试使用未在$stmt范围内定义的变量else if($formValid)。$sql也是如此。在使用变量之前,必须设置任何变量。命令应是:
$sql = "INSERT INTO users (name, telno, username, password) VALUES (:name, :telno, :username, :password)";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':name', $name);
$stmt->bindValue(':telno', $telno);
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $passwordHash);页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/34288302
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号