php 4 -> MySQL

Thanks Tutorial!

用户注册

index.php

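<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>

  <!-- Database example: user sign-up. The form POSTs username, pwd and email
       to includes/user-sign-in.inc.php. -->
  <!-- `required` and type="email" are a convenience for the user only; a
       request can be sent without a browser, so the receiving script still
       has to validate every field itself. -->

  <h3>Signup</h3>
  <form action="includes/user-sign-in.inc.php" method="post">
    <input type="text" name="username" placeholder="Username" autocomplete="username" required>
    <input type="password" name="pwd" placeholder="Password" autocomplete="new-password" required>
    <input type="email" name="email" placeholder="E-Mail" autocomplete="email" required>
    <button type="submit">Signup</button>
  </form>
  
</body>
</html>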

user-sign-in.inc.php

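<?php

// Sign-up handler: reads username, pwd and email from the POST body and
// inserts one row into `users` through a PDO prepared statement.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  // A missing field, or one sent as an array (`username[]=x`), is treated as
  // empty instead of raising a notice or being cast to the string "Array".
  $userName = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
  $pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
  $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
  // Nothing is echoed back to the browser here, so htmlspecialchars() is not
  // needed at this point; escape these values wherever they are later output.

  // Server-side validation: the HTML form cannot be relied on for this.
  if ($userName === '' || $pwd === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    header("Location: ../test4.php?signup=invalid");
    exit();
  }

  try {
    require_once 'dbh.inc.php';
    // require includes and runs the named file.
    // require_once does the same but skips a file that was already included,
    // which avoids errors from including it twice.
    // require stops with an error when the file is missing; include only
    // emits a warning and lets the script continue.
    // NOTE(review): $pdo is presumably created by dbh.inc.php, and the catch
    // below only fires if PDO runs in exception mode - confirm in that file.

    // Store a one-way hash, never the password itself. Any code that later
    // checks this password has to use password_verify() against the stored
    // value. NOTE(review): PASSWORD_DEFAULT hashes need a pwd column of up to
    // 255 characters - confirm against the table definition.
    $pwdHash = password_hash($pwd, PASSWORD_DEFAULT);

    /* Variant 1: positional (non-named) parameters */

    $query = "INSERT INTO users (username, pwd, email) VALUES (?, ?, ?)";
    // Each question mark is a placeholder for one value.

    $stmt = $pdo->prepare($query);
    // prepare() keeps the SQL text separate from the values, which is what
    // protects against SQL injection.
    $stmt->execute([$userName, $pwdHash, $email]);
    // execute() runs the prepared statement; the array fills the question
    // marks in order.

    /* Variant 2: named parameters (alternative to variant 1, use one or the other)
     *
     *   $query2 = "INSERT INTO users (username, pwd, email) VALUES (:username, :pwd, :email)";
     *   $stmt2 = $pdo->prepare($query2);
     *
     *   // either bind each placeholder and then call execute() with no arguments:
     *   $stmt2->bindParam(':username', $userName);
     *   $stmt2->bindParam(':pwd', $pwdHash);
     *   $stmt2->bindParam(':email', $email);
     *   $stmt2->execute();
     *
     *   // or pass the values keyed by placeholder name to execute():
     *   $stmt2->execute([
     *     ':username' => $userName,
     *     ':pwd' => $pwdHash,
     *     ':email' => $email
     *   ]);
     */

    unset($stmt); // release the statement and the connection promptly
    unset($pdo);
    // $stmt = null; $pdo = null; works as well.

    header("Location: ../test4.php?signup=success");

    die("success!");
  } catch (PDOException $e) {
    // The driver message can contain table names, SQL fragments or connection
    // details: keep it in the server log and show the client a generic text.
    error_log('user-sign-in.inc.php: ' . $e->getMessage());
    http_response_code(500);
    die("Error: the request could not be completed.");
    // die() prints the message and ends the script.
  }
} 
else {
  header("Location: ../test4.php");
  // Note the single space after "Location:".
  exit();
}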

修改删除用户

index.php

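<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>

   <!-- Database example: change and delete a user account -->
   <!-- `required` and type="email" only help the user fill in the form; the
        receiving scripts still have to validate every field themselves. -->

  <!-- NOTE(review): this form carries no current password, and `pwd` is the
       value user-change.inc.php writes as the new password. As shown, anyone
       who knows a username can submit a change for it; a real application has
       to tie this form to an authenticated session or ask for the current
       password as well. -->
  <h3>Change account</h3>
  <form action="includes/user-change.inc.php" method="post">
    <input type="text" name="oldUsername" placeholder="Old Username" autocomplete="username" required>
    <input type="text" name="newUsername" placeholder="New Username" autocomplete="off" required>
    <input type="password" name="pwd" placeholder="Password" autocomplete="new-password" required>
    <input type="email" name="email" placeholder="E-Mail" autocomplete="email" required>
    <button type="submit">Update</button>
  </form>

  <h3>Delete account</h3>
  <form action="includes/user-delete.inc.php" method="post">
    <input type="text" name="username" placeholder="Username" autocomplete="username" required>
    <input type="password" name="pwd" placeholder="Password" autocomplete="current-password" required>
    <button type="submit">Delete</button>
  </form>

</body>
</html>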

user-change.inc.php

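<?php

// Account-change handler: rewrites username, pwd and email of the row whose
// username equals the POSTed oldUsername.
//
// NOTE(review): nothing in this script proves that the requester owns the
// account named by oldUsername - no session is checked and the form sends no
// current password. Before this is used outside a tutorial, the caller must be
// authenticated (logged-in session, or the current password verified with
// password_verify()) and the form protected against cross-site requests.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  
  // A missing field, or one sent as an array, is treated as empty.
  $oldUsername = (isset($_POST['oldUsername']) && is_string($_POST['oldUsername'])) ? trim($_POST['oldUsername']) : '';
  $newUsername = (isset($_POST['newUsername']) && is_string($_POST['newUsername'])) ? trim($_POST['newUsername']) : '';
  $pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';
  $email = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

  // Server-side validation: without it an empty field would overwrite the
  // stored username, password or e-mail with an empty string.
  if ($oldUsername === '' || $newUsername === '' || $pwd === ''
      || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    header("Location: ../test5.php?signup=invalid");
    exit();
  }
  
  try {
    require_once 'dbh.inc.php';
    // NOTE(review): $pdo is presumably created by dbh.inc.php, and the catch
    // below only fires if PDO runs in exception mode - confirm in that file.

    // Store a one-way hash, never the password itself. Code that checks the
    // password later has to use password_verify() against the stored value.
    // NOTE(review): PASSWORD_DEFAULT hashes need a pwd column of up to 255
    // characters - confirm against the table definition.
    $pwdHash = password_hash($pwd, PASSWORD_DEFAULT);

  /* Variant 2: named parameters */

    $query2 = "UPDATE users SET username = :newUsername, pwd = :pwd, email = :email WHERE username = :oldUsername";

    $stmt2 = $pdo->prepare($query2);

    // Values are bound by placeholder name, separately from the SQL text.
    $stmt2->execute([
      ':newUsername' => $newUsername,
      ':pwd' => $pwdHash,
      ':email' => $email,
      ':oldUsername' => $oldUsername
    ]);

    // Release the statement and the connection promptly.
    unset($stmt2);unset($pdo);
    header("Location: ../test5.php?signup=success");

    die("success!");

  } catch (PDOException $e) {
    // Keep driver details in the server log; the client gets a generic text.
    error_log('user-change.inc.php: ' . $e->getMessage());
    http_response_code(500);
    die("Error: the request could not be completed.");
  }
} 
else {
  header("Location: ../test5.php");
  exit();
}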

user-delete.inc.php

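<?php

// Account-delete handler: removes the `users` row(s) whose username matches
// the POSTed username and whose stored password matches the POSTed pwd.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  
  // A missing field, or one sent as an array, is treated as empty.
  $userName = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
  $pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? $_POST['pwd'] : '';

  if ($userName === '' || $pwd === '') {
    header("Location: ../test5.php");
    exit();
  }
  
  try {
    require_once 'dbh.inc.php';
    // NOTE(review): $pdo is presumably created by dbh.inc.php, and the catch
    // below only fires if PDO runs in exception mode - confirm in that file.

  /* Variant 2: named parameters */

    // A hashed password cannot be compared inside the SQL statement, so the
    // stored value is read first and checked in PHP.
    $lookup = $pdo->prepare("SELECT pwd FROM users WHERE username = :username");
    $lookup->execute([':username' => $userName]);
    $storedValues = $lookup->fetchAll(PDO::FETCH_COLUMN);

    $query2 = "DELETE FROM users WHERE username = :username AND pwd = :pwd";

    $stmt2 = $pdo->prepare($query2);

    foreach ($storedValues as $stored) {
      if (!is_string($stored)) {
        continue;
      }
      // password_verify() covers values written by password_hash().
      // hash_equals() keeps rows that still hold a plain-text password
      // deletable, using a comparison that does not leak timing; drop this
      // fallback once no plain-text rows remain.
      if (password_verify($pwd, $stored) || hash_equals($stored, $pwd)) {
        // Match on the exact stored value so only the verified row is removed.
        $stmt2->execute([
          ':username' => $userName,
          ':pwd' => $stored,
        ]);
      }
    }

    // Release the statements and the connection promptly.
    unset($lookup);unset($stmt2);unset($pdo);
    header("Location: ../test5.php?signup=success");

    die("success!");

  } catch (PDOException $e) {
    // Keep driver details in the server log; the client gets a generic text.
    error_log('user-delete.inc.php: ' . $e->getMessage());
    http_response_code(500);
    die("Error: the request could not be completed.");
  }
} 
else {
  header("Location: ../test5.php");
  exit();
}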