Update db table with an INT

2019-09-14 20:46发布

站内文章 / PHP
14 0 0

问题:

Okay I can't get this figured out.

I want a logged in user to update a row with an amount (INT), I keep getting the invalid parameter error as well as a Call to member function execute() on a non-object.

Here is the php and html that should update the db

<?php
ini_set("log_errors", 1);
ini_set("error_log", "/tmp/php-error.log");
session_start();
require_once 'class.user.php';
$user_home = new USER();

if(!$user_home->is_logged_in())
{
    $user_home->redirect('index.php');
}

$stmt = $user_home->runQuery("SELECT * FROM tbl_client_info WHERE UCODE=:uid");
$stmt->execute(array(":uid"=>$_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

    if($stmt->rowCount() == 1)
    {
        if(isset($_POST['btn-update-data']))
        {
            $purchasedata = $_POST['purchasedata']; 
            $cpurchasedata = $_POST['cpurchasedata'];


            if($cpurchasedata!==$purchasedata)
            {
                $msg = "<div class='alert alert-block'>
                        <button class='close' data-dismiss='alert'>&times;</button>
                        <strong>Sorry!</strong>  Input Does Not Match. Make sure the details match. 
                        </div>";
            }
            else
            {

                $stmt = $user_home->register("INSERT INTO tbl_client_info (purchasedata) VALUES (?)");
                $stmt->execute(array(":purchasedata"=>$purchasedata));

                //

                $msg = "<div class='alert alert-success'>
                        <button class='close' data-dismiss='alert'>&times;</button>
                        Okay, we have added data to your account.
                        </div>";
            }
        }   
    }
    else
    {
        $msg = "<div class='alert alert-success'>
                <button class='close' data-dismiss='alert'>&times;</button>
                No Sorry That Did Not Work, Try again
                </div>";

    }

?>

<!DOCTYPE html>
<html>
  <head>
    <title>Forgot Password</title>
    <!-- Bootstrap -->
    <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
    <link href="bootstrap/css/bootstrap.css" rel="stylesheet" media="screen">
    <link href="bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
    <link href="assets/styles.css" rel="stylesheet" media="screen">

    <link href="css/bootstrap.min.css" rel="stylesheet">

    <link href="fonts/css/font-awesome.min.css" rel="stylesheet">
    <link href="css/animate.min.css" rel="stylesheet">
     <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
    <!--[if lt IE 9]>
      <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
    <!-- Custom styling plus plugins -->
    <link href="css/custom.css" rel="stylesheet">
  <link href="css/icheck/flat/green.css" rel="stylesheet">
<script src="js/vendor/modernizr-2.6.2-respond-1.1.0.min.js"></script>

<!-- Sweet Alert -->
  <script src="dist/sweetalert-dev.js"></script>
  <link rel="stylesheet" href="dist/sweetalert.css">
  <!--.......................-->

  </head>



<body style="background:#f3f3f3;"> 

    <div id="wrapper">
      <div id="login_content" class="animate form">
        <section class="login_content">
          <form method="post">
            <h1>Purchase Data</h1>

            <div class='alert alert-success'>
            <strong>Hello </strong><?php echo $row['firstname'] ?>! //add more text here
        </div>

        <?php
        if(isset($msg))
        {
            echo $msg;
        }
        ?>
        <input type="text" class="input-block-level" placeholder="500mb" name="purchasedata" required />
        <input type="text" class="input-block-level" placeholder="Retype the bundle" name="cpurchasedata" required />
        <hr />
        <button class="btn btn-large btn-primary" type="submit" name="btn-update-data">Add data to my account</button>
            <div class="clearfix"></div>
            <div class="separator">

and here is the class_user.php

<?php

require_once 'dbconfig.php';

class USER
{   

    private $conn;

    public function __construct()
    {
        $database = new Database();
        $db = $database->dbConnection();
        $this->conn = $db;
    }

    public function runQuery($sql)
    {
        $stmt = $this->conn->prepare($sql);
        return $stmt;
    }

    public function lasdID()
    {
        $stmt = $this->conn->lastInsertId();
        return $stmt;
    }

    public function register($uname,$email,$upass,$code,$purchasedata)
    {
        try
        {                           
            $password = md5($upass);
            $stmt = $this->conn->prepare("INSERT INTO tbl_client_info(User_Name,billingemail,password,purchasedata,tokenCode) 
                                                         VALUES(:User_Name, :billingemail, :password, :purchasedata, :active_code)");
            $stmt->bindparam(":user_name",$uname);
            $stmt->bindparam(":user_mail",$email);
            $stmt->bindparam(":user_pass",$password);
            $stmt->bindparam(":active_code",$code);
            $stmt->bindparam(":purchasedata",$purchasedata);
            $stmt->execute();   
            return $stmt;
        }
        catch(PDOException $ex)
        {
            echo $ex->getMessage();
        }
    }

    public function login($email,$upass)
    {
        try
        {
            $stmt = $this->conn->prepare("SELECT * FROM tbl_client_info WHERE billingemail=:email_id");
            $stmt->execute(array(":email_id"=>$email));
            $userRow=$stmt->fetch(PDO::FETCH_ASSOC);

            if($stmt->rowCount() == 1)
            {
                if($userRow['userStatus']=="Y")
                {
                    if($userRow['password']==md5($upass))
                    {
                        $_SESSION['userSession'] = $userRow['UCODE'];
                        return true;
                    }
                    else
                    {
                        header("Location: index.php?error");
                        exit;
                    }
                }
                else
                {
                    header("Location: index.php?inactive");
                    exit;
                }   
            }
            else
            {
                header("Location: index.php?error");
                exit;
            }       
        }
    catch(PDOException $ex)
    {
        echo $ex->getMessage();
    }
}

any help would really be appreciated

回答1:

Look at your named placeholders:

(:User_Name, :billingemail, :password, :purchasedata, :active_code)

and

        $stmt->bindparam(":user_name",$uname);
        $stmt->bindparam(":user_mail",$email);
        $stmt->bindparam(":user_pass",$password);
        $stmt->bindparam(":active_code",$code);
        $stmt->bindparam(":purchasedata",$purchasedata);
  • They don't match.

Each named placeholder must match and in lettercase.

Example:

:user_name and :User_Name are not the same.

so here:

(:user_name, :user_mail, :user_pass, :purchasedata, :active_code)

The manual is rather explicit on this:

  • http://php.net/manual/en/pdo.prepared-statements.php

and don't go live with this in using MD5, it's no longer safe.

Use password_hash():

  • http://php.net/manual/en/function.password-hash.php

Check for errors:

  • http://php.net/manual/en/pdo.error-handling.php
  • http://php.net/manual/en/function.error-reporting.php

and make sure your column names are correct and lettercase could be a factor.



标签: php mysql prepared-statement
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~