PHP 准备好的陈述;奇怪的结果
PHP Prepared Statements; Weired Result
我尝试在 PHP 中实现新闻通讯功能。当用户在我们的网站上订阅时,会向他们发送一封验证电子邮件。如果他们已经订阅,他们会收到如下消息:"you have already subscribed" 或“电子邮件已注册,但未验证。电子邮件已重新发送。
function new_member($email,$list_id)
{
global $db;
$san_email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($san_email, FILTER_VALIDATE_EMAIL))
{
$hash = openssl_random_pseudo_bytes(10, $cstrong);
$qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = '?' AND list_id = ?";
var_dump($qry);
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("si", $san_email, $list_id);
$stmt->bind_result($count,$active,$db_hash);
$stmt->fetch();
$stmt->close();
} else {
echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
}
if ($count==1) {
if ($active==1){
return "E-Mail-Addresse bereits angemeldet.";
} else {
send_verification_mail($san_email,$list_id,$db_hash);
return "E-Mail-Addresse bereits angemeldet, allerdings noch nicht bestätigt. Bestätigungsmail wurde erneut gesendet.";
}
} else {
$qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES ('?',?,'?')";
if ($stmt = $db->prepare($qry)) {
var_dump($san_email);
$stmt->bind_param("sis", $san_email, $list_id, $hash);
$stmt->fetch();
$stmt->close();
send_verification_mail($san_email,$list_id,$hash);
return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
} else {
echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
}
}
} else {
return "Keine gültige E-Mail-Addresse angegeben!";
}
}
为了测试目的,这个函数被这样调用(里面有一封大量邮件):
echo new_member('mail@example.com',1);
如果我这样做,邮件会发送到正确的电子邮件地址,但不会插入到数据库中。即使用户已经在数据库中,也会发送电子邮件。
?-占位符不需要用引号引起来,并且两个准备好的语句都缺少执行命令。第一个需要是:
$qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = ? AND list_id = ?";
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("si", $san_email,$list_id);
$stmt->execute();
$stmt->bind_result($count,$active,$db_hash);
$stmt->fetch();
$stmt->close();
}
第二个:
$qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES (?,?,?)";
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("sis", $san_email, $list_id, $hash);
$stmt->execute();
send_verification_mail($san_email,$list_id,$hash);
$stmt->close();
return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
}
我尝试在 PHP 中实现新闻通讯功能。当用户在我们的网站上订阅时,会向他们发送一封验证电子邮件。如果他们已经订阅,他们会收到如下消息:"you have already subscribed" 或“电子邮件已注册,但未验证。电子邮件已重新发送。
function new_member($email,$list_id)
{
global $db;
$san_email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (filter_var($san_email, FILTER_VALIDATE_EMAIL))
{
$hash = openssl_random_pseudo_bytes(10, $cstrong);
$qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = '?' AND list_id = ?";
var_dump($qry);
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("si", $san_email, $list_id);
$stmt->bind_result($count,$active,$db_hash);
$stmt->fetch();
$stmt->close();
} else {
echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
}
if ($count==1) {
if ($active==1){
return "E-Mail-Addresse bereits angemeldet.";
} else {
send_verification_mail($san_email,$list_id,$db_hash);
return "E-Mail-Addresse bereits angemeldet, allerdings noch nicht bestätigt. Bestätigungsmail wurde erneut gesendet.";
}
} else {
$qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES ('?',?,'?')";
if ($stmt = $db->prepare($qry)) {
var_dump($san_email);
$stmt->bind_param("sis", $san_email, $list_id, $hash);
$stmt->fetch();
$stmt->close();
send_verification_mail($san_email,$list_id,$hash);
return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
} else {
echo "sendet query: <pre>".$qry."</pre>\n"."Antwort: ".$db->error;
}
}
} else {
return "Keine gültige E-Mail-Addresse angegeben!";
}
}
为了测试目的,这个函数被这样调用(里面有一封大量邮件):
echo new_member('mail@example.com',1);
如果我这样做,邮件会发送到正确的电子邮件地址,但不会插入到数据库中。即使用户已经在数据库中,也会发送电子邮件。
?-占位符不需要用引号引起来,并且两个准备好的语句都缺少执行命令。第一个需要是:
$qry = "SELECT COUNT(*),active,access_hash FROM ".MYSQL_PREFIX."mailing_list_member WHERE address = ? AND list_id = ?";
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("si", $san_email,$list_id);
$stmt->execute();
$stmt->bind_result($count,$active,$db_hash);
$stmt->fetch();
$stmt->close();
}
第二个:
$qry = "INSERT INTO ".MYSQL_PREFIX."mailing_list_member (address,list_id,access_hash) VALUES (?,?,?)";
if ($stmt = $db->prepare($qry)) {
$stmt->bind_param("sis", $san_email, $list_id, $hash);
$stmt->execute();
send_verification_mail($san_email,$list_id,$hash);
$stmt->close();
return "Bestätigungsemail wurde erfolgreich an ".$san_email." gesendet.";
}