我创建了一个小的登录结构:
如果您已将数据写入字段,则会收到一个用于确认帐户的链接。例如 confirm.php?email=a@a.com当您访问该链接时,将执行以下代码:
$sql = mysqli_connect("localhost", "name", "password");
mysqli_select_db($sql, "db");
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
mysqli_query($sql, $set_active);
mysqli_close($sql);
但在那之后,活动值仍然是 0,就像 deafult 一样。
用户表:电子邮件 (varchar 100) 活动 (int 1)a@a.com 0
使用预准备语句:
$stmt = mysqli_prepare($sql, "UPDATE `users` SET `active` = 1 WHERE `email` = ?") or die(mysqli_error($sql));
mysqli_bind_param($stmt, "s", $_GET['email']);
mysqli_stmt_execute($stmt) or die(mysqli_error($sql));
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";
您错过了电子邮件中的'
。所以查询是错误的。要检查,请执行以下操作:
echo("UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."");
这将为您提供错误。
事物在双引号中进行评估,但不能在单引号中计算
改变
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
自
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";