$register_data = array(
    'username' => $_POST['username'],
    'password' => $_POST['password'],
    'first_name' => $_POST['first_name'],
    'last_name' => $_POST['last_name'],
    'email' => $_POST['email']
);

//insert user data to database.
public function register_user($register_data){
    $pdo = PDO2::getInstance();
    $register_data['password'] = md5($register_data['password']);
    $field_names = array_keys($register_data);
    $sql = "INSERT INTO $this->table ";
    /* * * set the field names ** */
    $fields = '(`' . implode('` , `', $field_names) . '`)';
    /* * * set the placeholders ** */
    $bound = '(:' . implode(', :', $field_names) . ')';
    /* * * put the query together ** */
    $sql .= $fields . ' VALUES ' . $bound;
    echo $sql;
    //bindValue to prevent Hack by SQL injection
    $req = $pdo->prepare($sql);
    foreach ($register_data as $key=>$value){
        $req->bindParam(":$key", $value);
        //echo ":$key".'='.$value."<br>";
    }
    $req->execute();
    $req->closeCursor();
}
What is wrong with my method? All the field values are the email when they are inserted. What is wrong with my use of PDO?

Thanks
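Don't use `md5` for password hashing. It is completely broken. Also echo the query to see what is happening instead of guessing what is happening. – PeeHaa 2013-03-03 11:22:37

http://php.net/manual/en/faq.passwords.php - Why are the parameters injected anonymously via an array? Why is the db object not a private/protected member of the object that `register_user` belongs to? These are all a lot of error conditions that I don't see being checked. – hakre 2013-03-03 11:23:36

Try repeating bindParam outside the foreach and see if it works? – 2013-03-03 11:28:40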
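
Why every column ends up holding the email, as an added example that is not part of the original question or its comments: `bindParam()` binds the loop variable `$value` by reference, so at `execute()` every placeholder reads the last value the loop assigned. The sketch below assumes an in-memory SQLite database, a `users` table and a constructed sample row; it binds with `bindValue()`, hashes with `password_hash()` and restricts the interpolated column names to an allow-list.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available, the table is named
// `users`, and the sample row below is constructed for illustration.
const ALLOWED_FIELDS = ['username', 'password', 'first_name', 'last_name', 'email'];

function register_user(PDO $pdo, array $data): void
{
    // Column names are concatenated into the SQL text and cannot be bound,
    // so only keys from a fixed allow-list are accepted.
    $unknown = array_diff(array_keys($data), ALLOWED_FIELDS);
    if ($unknown) {
        throw new InvalidArgumentException('Unexpected field: ' . implode(', ', $unknown));
    }

    // password_hash() yields a salted, deliberately slow hash; md5() is
    // unsalted and fast, which makes stored hashes cheap to crack.
    $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);

    $fields = array_keys($data);
    $sql = 'INSERT INTO users (`' . implode('`, `', $fields) . '`) VALUES (:'
         . implode(', :', $fields) . ')';
    $stmt = $pdo->prepare($sql);

    foreach ($data as $key => $value) {
        // bindValue() copies the value at bind time. bindParam() would keep a
        // reference to $value, and every placeholder would see the value from
        // the final iteration (the email) when execute() runs.
        $stmt->bindValue(":$key", $value, PDO::PARAM_STR);
    }
    $stmt->execute();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, first_name TEXT, last_name TEXT, email TEXT)');

$sample = [ // constructed sample input
    'username' => 'alice', 'password' => 's3cret-Example',
    'first_name' => 'Alice', 'last_name' => 'Example', 'email' => 'alice@example.test',
];
register_user($pdo, $sample);

$row = $pdo->query('SELECT * FROM users')->fetch(PDO::FETCH_ASSOC);
// Each column must hold its own value, and the stored hash must verify.
if ($row['username'] !== 'alice' || $row['email'] !== 'alice@example.test'
    || !password_verify('s3cret-Example', $row['password'])) {
    throw new RuntimeException('Row was not stored as expected');
}
echo "row stored with distinct column values\n";
```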