删除到 table1 不会产生错误
我有以下脚本,它应该会产生错误,但它没有:
<?php
error_reporting( E_ALL | E_STRICT );
ini_set('display_errors', 1);
?>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="favicon.ico">
<?php
$err = array();
if( $_SERVER['REQUEST_METHOD']=='POST' ) {
if( empty( $_POST['display_name'] ) ) $err[] = "display name field is required";
if( empty( $_POST['email'] ) ) $err[] = "email field is required";
if( empty( $_POST['password'] ) ) $err[] = "password field is required";
if( !$err ) {
try {
$DBH = new PDO( "mysql:host=localhost;dbname=database1", "user", "pass" );
$DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$STH = $DBH -> prepare( "delete into table1 (display_name, email, password) values ( :display_name, :email, :password )" );
$STH -> bindParam( ':display_name', $_POST['display_name'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':email', $_POST['email'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':password', $_POST['password'], PDO::PARAM_STR, 100 );
$STH -> execute();
$STH = $DBH -> prepare( "delete into table2 ( username, status, users_id ) values ( :username, :status, :users_id )" );
$strStatus = 1;
$STH -> bindParam( ':username', $_POST['display_name'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':status', $strStatus, PDO::PARAM_INT, 1 );
$STH -> bindParam( ':users_id', $_POST['referer'], PDO::PARAM_INT, 1 );
$STH -> execute();
$DBH = null;
} catch( PDOException $e ) {
echo $e -> getMessage();
}
header( "Location: ".$_SERVER['PHP_SELF'] );
exit;
} else {
foreach( $_POST as $key => $val ) {
$form[$key] = htmlspecialchars($val);
}
}
} else {
$form['display_name'] = $form['email'] = $form['password'] = '';
}
?>
</head>
<body>
<?php foreach( $err as $line ) { ?>
<div style="error"><?php echo $line; ?></div>
<?php } ?>
<h1>register</h1>
<form method="post">
referers id:<br />
<input type="text" name="referer" /><br /><br />
name:<br />
<input type="text" name="display_name" value="<?php echo $form['display_name']; ?>" /><br /><br />
email:<br />
<input type="text" name="email" value="<?php echo $form['email']; ?>" /><br /><br />
password:<br />
<input type="text" name="password" value="<?php echo $form['password']; ?>" /><br /><br />
<input type="submit" value="register" />
</form><br /><br />
or register with one of your existing accounts:<br /><br />
facebook<br /><br />
google
</body>
</html>
看看 2 个 SQL 查询...
I have the following script, which should be producing errors, but it does not:
<?php
error_reporting( E_ALL | E_STRICT );
ini_set('display_errors', 1);
?>
<html>
<head>
<title></title>
<link rel="icon" type="image/png" href="favicon.ico">
<?php
$err = array();
if( $_SERVER['REQUEST_METHOD']=='POST' ) {
if( empty( $_POST['display_name'] ) ) $err[] = "display name field is required";
if( empty( $_POST['email'] ) ) $err[] = "email field is required";
if( empty( $_POST['password'] ) ) $err[] = "password field is required";
if( !$err ) {
try {
$DBH = new PDO( "mysql:host=localhost;dbname=database1", "user", "pass" );
$DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$STH = $DBH -> prepare( "delete into table1 (display_name, email, password) values ( :display_name, :email, :password )" );
$STH -> bindParam( ':display_name', $_POST['display_name'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':email', $_POST['email'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':password', $_POST['password'], PDO::PARAM_STR, 100 );
$STH -> execute();
$STH = $DBH -> prepare( "delete into table2 ( username, status, users_id ) values ( :username, :status, :users_id )" );
$strStatus = 1;
$STH -> bindParam( ':username', $_POST['display_name'], PDO::PARAM_STR, 100 );
$STH -> bindParam( ':status', $strStatus, PDO::PARAM_INT, 1 );
$STH -> bindParam( ':users_id', $_POST['referer'], PDO::PARAM_INT, 1 );
$STH -> execute();
$DBH = null;
} catch( PDOException $e ) {
echo $e -> getMessage();
}
header( "Location: ".$_SERVER['PHP_SELF'] );
exit;
} else {
foreach( $_POST as $key => $val ) {
$form[$key] = htmlspecialchars($val);
}
}
} else {
$form['display_name'] = $form['email'] = $form['password'] = '';
}
?>
</head>
<body>
<?php foreach( $err as $line ) { ?>
<div style="error"><?php echo $line; ?></div>
<?php } ?>
<h1>register</h1>
<form method="post">
referers id:<br />
<input type="text" name="referer" /><br /><br />
name:<br />
<input type="text" name="display_name" value="<?php echo $form['display_name']; ?>" /><br /><br />
email:<br />
<input type="text" name="email" value="<?php echo $form['email']; ?>" /><br /><br />
password:<br />
<input type="text" name="password" value="<?php echo $form['password']; ?>" /><br /><br />
<input type="submit" value="register" />
</form><br /><br />
or register with one of your existing accounts:<br /><br />
facebook<br /><br />
google
</body>
</html>
Look at the 2 SQL queries...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不认为
execute()会引发异常(如果我错了,请有人纠正我)。它将发送准备好的语句(查询)到数据库并返回 TRUE 或 FALSE,具体取决于成功。
您可以检查返回的值并 echo
$STH -> error查看 MySQL 错误消息。像这样的事情:检查这个类似的问题:MySQLi准备语句错误报告
I don't think
execute()will raise an Exception (please if I'm wrong, someone correct me).It will send the prepared statement (query) to the database and return TRUE or FALSE, depending on success.
You can check that returned value and echo
$STH -> errorto see the MySQL error message. Something like this:Check this similar problem: MySQLi prepared statements error reporting
通过将标题位置和退出行移动到 db null 行之后的 catch 上方来使其工作。
Got it working by moving the header location and exit lines above the catch after the db null line.