问题
I'm moving away from mysql and mysqli as many users on stackoverflow are constantly saying good things about it.
I've made a database class and have tested this, this connects fine to the database. I've tried to update my prepared statements to match however I am in unfamiliar territory and have ended up getting the following error:
Fatal error: Call to undefined method PDOStatement::bind_param() in E:\xampp\htdocs\imanage\insert.php on line 50
which reflects this line:
$stmt->bind_param("s", $_POST['email']);
Also in regards to this I am getting the database connection success and close statements returned to me as well as the fatal error e.g:
Successfully connected to the database!Successfully connected to the database!Successfully disconnected from the database!
I'll explain what I am trying to achieve:
- Check e-mail exists in the database before registrating user
- if so tell user that this e-mail exists
- if no match insert the user into the users table and encrypt the password
The relevant code is below and would appreciate if anyone could give me some guidance on this.
index.php
<form id="loginForm" method="POST" action="class.Login.php">
<input type="text" id="email" name="email" placeholder="E-mail">
<input type="password" id="password" name="password" placeholder="Password" class="showpassword">
<input type="submit" name="submit" value="Log in"></form>
insert.php
public function insert() {
$stmt = $this->pdo->prepare("SELECT COUNT(*) FROM users WHERE email=?");
$stmt->bind_param("s", $_POST['email']);
$stmt->execute();
$stmt->bind_result($email_count);
$stmt->fetch();//fecth
$stmt->close();
if ($email_count > 0) {
echo "email exisits! click here to try <a href='register'>again</a>";
} else {
//escape the POST data for added protection
$username = isset($_POST['username']) ? $_POST['username'] : null;
$cryptedPassword = crypt($_POST['password']);
$password = $cryptedPassword;
$name = isset($_POST['name']) ? $_POST['name'] : null;
$email = isset($_POST['email']) ? $_POST['email'] : null;
$stmta = $this->pdo->prepare("INSERT INTO users (username, password, name, email) VALUES (?, ?, ?, ?)");
//var_dump($this->pdo->error);
$stmta->bind_param('ssss', $username, $password, $name, $email); // bind strings to the paramater
/* execute prepared statement */
$stmta->execute();
printf("%d Row inserted.\n", $stmta->affected_rows);
/* close statement and connection */
$stmta->close();
} // end email_count and insert to table
} // end function
connect/class.Database.php
<?php
// Database connection PDO
class Database {
public function __construct() {
// Connection information
$host = 'localhost';
$dbname = 'imanage';
$user = 'root';
$pass = '';
// Attempt DB connection
try
{
$this->pdo = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
$this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo 'Successfully connected to the database!';
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function __destruct()
{
// Disconnect from DB
$this->pdo = null;
echo 'Successfully disconnected from the database!';
}
}
$run = new Database();
?>
回答1:
Some PDO examples
Example with Bind Parameter
$stmt = $this->pdo->prepare("SELECT COUNT(*) FROM users WHERE email=:email");
$stmt->bindParam(":email", $_POST['email']);
$stmt->execute();
$stmt->fetch(PDO::FETCH_ASSOC);
Example with array
$data = array($username, $password, $name, $email);
$stmta = $this->pdo->prepare("INSERT INTO users (username, password, name, email) VALUES (?, ?, ?, ?)");
$stmta->execute($data);
PDO tutorial
回答2:
set bind_param() to bindParam().
来源:https://stackoverflow.com/questions/18702772/pdo-bind-param-is-undefined-method