通过PHP和PDO连接到SQL的正确方法

Question

这是一个连接到SQL数据库的Web服务器上托管的php文件。在创建账户功能的作品，但我有一次他们把in.Just更多的方面，我正在使用游戏制造商的http_get()函数获取值出表的问题：http://docs.yoyogames.com/source/dadiospice/002_reference/asynchronous%20functions/http_get.html

我的SQL表有4列：
P-ID - 自动递增主键
USER - 用户名值
PASS - 加密密码值
SaveString - 最重要的值，即我尝试从我创建的游戏访问的字符串。 这个系统有点工作，但我还是决定将其更改为PDO作为一个PHP新手

<?php 


    $mysql_server = "server"; 
    $mysql_username = "username"; 
    $mysql_password = "password"; 
    $mysql_database = "database"; 
    $mysql_table = "table"; 


    try{ 
     $conn = new PDO("mysql:host=$mysql_server;dbname=$mysql_database", $mysql_username, $mysql_password); 
     $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    } catch(PDOException $e){ 
     echo "Couldn't connect to database"; 
    } 

    $f = $_GET['f']; //function operator 
    $puser = $_GET['puser']; 
    $pword = $_GET['pword']; 
    $pss = $_GET['pss']; 



    $salt = "supersecretsalt"; // Super secret encoder 
    $epword = crypt($pword,$salt); 


    function create_account($conn, $mysql_table, $puser, $epword, $pss) 
    { 
     try{ 
      $sql = "INSERT INTO $mysql_table (USER, PASS, SaveString) VALUES('$puser','$epword','$pss') "; 
      $conn->exec($sql); 
     } catch (PDOException $e){ 
      echo "exception connecting to server"; 
     } 
     $conn = null; 
    } 
    // This function will save information to an existing account 
    function save_info($conn, $mysql_table, $puser, $pword, $pss) 
    { 
     try{ 
      $sql = "UPDATE $mysql_table SET SaveString = $pss WHERE USER = '$puser'"; 
      $conn->exec($sql); 
     } catch (PDOException $e){ 
      echo "Save didn't work"; 
     } 
     $conn = null; 
    } 
    // This function will pull account information 
    function load_info($conn, $mysql_table, $puser, $epword) 
    { 
     try{ 
      $statement = $conn->prepare("SELECT * FROM $mysql_table WHERE USER = '$puser' AND PASS = '$epword'"); 
      $statement->execute(); 
      $row = $statement->fetch(); 
      echo $row['SaveString']; 
     } catch(PDOException $e){ 
      echo "0"; 
     } 
     $conn = null; 
    } 


    // This determines which function to call based on the $f parameter passed in the URL. 
    switch($f) 
    { 
     case na: create_account($conn, $mysql_table, $puser, $epword, $pss); break; 
     case sv: save_info($conn, $mysql_table, $puser, $epword, $pss); break; 
     case ld: load_info($conn, $mysql_table, $puser, $epword); break; 
    break; 
      default: echo"error"; 
    } 

    ?> 

Answer 1

您的switch语句的情况下，应在引号，因为它们都是字符串。您最近的case还有额外的break。试试这个，

switch($f) { 
    case 'na': 
      create_account($conn, $mysql_table, $puser, $epword, $pss); 
    break; 
    case 'sv': 
      save_info($conn, $mysql_table, $puser, $epword, $pss); 
    break; 
    case 'ld': 
      load_info($conn, $mysql_table, $puser, $epword); 
    break; 
    default: 
      echo "error"; 
} 

同样的$f的情况下是很重要的，如果它是NA它仍然会失败。为了确保它总是小写，你可以使用strtolower，http://php.net/strtolower，像这样switch(strtolower($f)) {。您还可替代放在多个案件，但似乎是一种浪费，例如，

case 'na': 
case 'NA': 

通过这种方法虽然nA和Na仍然没有入账。