ter*_*pak 1 php mysql sql parameters mysqli
我正在尝试bind_param在我的网站中使用mysqli 函数来注册用户.我想做两件事:
如果用户使用我提供的注册表注册,请将数据库中的用户密码设置为所需的密码(当然是哈希和盐渍);
如果他们使用Facebook注册,请将密码字段设置为NULL.
我意识到我可以将数据库中的密码列的默认值设置为NULL,并且在注册时不会在语句中指定它,但是这个问题也会继续到网站的其他方面,这不是一个实际的解决方案.
$password = null;
$stmt->bind_param('ssssss', $email, $password, $fullname,
$prof_image_url, $splash_image_url, $facebook_id);
出于测试目的,我$password在调用语句之前将变量设置为null,但仍然会发生.执行查询时,当我通过命令行查看时,它会导致密码列为空的行而不是NULL.
非常感谢所有帮助!
编辑:这是密码列的结构...字段:密码,类型:varchar(255),Null:YES,密钥:,默认值:NULL,额外:
function user_add($mysqli, $email, $password, $fullname, $prof_image_url = null, $splash_image_url = null, $facebook_id = null) {
if ($mysqli == null) throw new Exception('Could not connect to database.');
if ($email == null || $email == '') throw new Exception('Email is required.', 1);
if ($password != null && $password == '') throw new Exception('Password is required.', 1);
if ($fullname == null || $fullname == '') throw new Exception('Name is required.', 1);
if ($prof_image_url == null) $prof_image_url = IMAGE_PATH . '/profile_default.png';
if ($splash_image_url == null) $splash_image_url = IMAGE_PATH . '/splash_bg_1.jpg';
$email = $mysqli->real_escape_string($email);
$password = $mysqli->real_escape_string($password);
$fullname = $mysqli->real_escape_string($fullname);
$facebook_id = $mysqli->real_escape_string($facebook_id);
$stmt = $mysqli->prepare('INSERT INTO users(`email`, `password`, `full_name`, `prof_image_url`, `splash_image_url`, `facebook_id`) VALUES(?, ?, ?, ?, ?, ?);');
if (!$stmt) {
throw new Exception('Could not connect to database.');
}
$stmt->bind_param('ssssss', $email, $password, $fullname, $prof_image_url, $splash_image_url, $facebook_id);
if (!$stmt->execute()) {
throw new Exception('Could not register user.', 1);
}
return $mysqli->insert_id;
}
这就是我调用函数的地方:
function account_facebook_register($mysqli, $code){
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . FACEBOOK_APP_ID
. "&redirect_uri=" . urlencode(FACEBOOK_REDIRECT_URL)
. "&client_secret=" . FACEBOOK_APP_SECRET
. "&code=" . $code
. "&scope=email";
$response = @file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$token = $params['access_token'];
$graph_url = "https://graph.facebook.com/me?access_token=" . $token;
$user = json_decode(file_get_contents($graph_url));
if (!isset($user->email)){
$_SESSION['error'] = 'Invalid email on Facebook account.';
$_SESSION['error_level'] = 1;
header('Location: ' . WEB_ROOT . '/account/register.php');
die;
}
$user_exists = user_getByEmail($mysqli, $user->email);
if ($user_exists == null){
$mysqli = mysql_create();
$password = null;
$uid = user_add($mysqli, $user->email, $password, $user->name, 'https://graph.facebook.com/' . $user->id . '/picture?type=large', null, $user->id);
$token = facebook_get_long_token($token);
token_add($mysqli, $uid, 'facebook', $token, $user->id);
$_SESSION['fb_token'] = $token;
$_SESSION['uid'] = $uid;
$_SESSION['success'] = "Registration Successful!";
}else{
account_facebook_login($mysqli, $user_exists->uid);
}
}
mysql_create函数只是设置数据库以进行访问并按预期工作.谢谢!
答案:mysqli-> real_escale_string使空值为空.在转义变量之前检查变量是否为null.
绑定值时,根本不应使用real_escape_string.
这使得您的初始问题不是真正的问题 - 如果您确实将null值传递给此函数,而没有任何中间操作,则根本不存在任何问题.
编辑版本也不合法,因为它要求检查您的代码,找到错误,提出问题并回答它.虽然前两个动作你必须自己完成.
因此,要回答你的问题,只需要它的代码:
$password = null;
$stmt->bind_param('ssssss', $email, $password, $fullname,
$prof_image_url, $splash_image_url, $facebook_id);
并且它将绑定null值.