带有查询和PDO使用的PHP语法
我试图创建一个php登录文件,用于查询SQL数据库中的正确用户名和密码。当我从带有查询和PDO使用的PHP语法,php,mysql,sql,pdo,Php,Mysql,Sql,Pdo,我试图创建一个php登录文件,用于查询SQL数据库中的正确用户名和密码。当我从dao.php调用我的方法时,我的checklogin.php似乎挂起。我有一个register.php,它可以很好地与我的dao.php配合使用。下面是我所有的代码。我相信我的问题来自dao.php中的getUser()函数 checklogin.php: <?php require_once "DAO.php"; $dao = new DAO(); // Get data from f
dao.php
调用我的方法时,我的checklogin.php
似乎挂起。我有一个register.php
,它可以很好地与我的dao.php
配合使用。下面是我所有的代码。我相信我的问题来自dao.php
中的getUser()函数
checklogin.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"])) ? $_POST["password"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// End protection
//echo $username;
//echo $password;
//echo $dao->getUser($username, $password);
if(!$dao->getUser($username, $password)){
//echo "Wrong usernamer or password";
header("location: login.html");
}
else{
//echo "Logic successful";
header("location: index.php");
}
?>
checklogin.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"])) ? $_POST["password"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
// End protection
// Failure
if($dao->getUser($username, $password)){
header("location: login.html");
}
// Successful login
else{
header("location: index.php");
}
?>
<?php
require_once "DAO.php";
require_once "pdo.php";
$dao = new DAO($pdo);
if(isset($_POST["username"]) && $dao->getUser($_POST["username"], $_POST["password"]))
{
header("location: index.php");
} else {
header("location: login.html");
}
谢谢大家的帮助。这段代码有太多错误,需要一周时间来解释所有错误、错误做法和迷信。所以,只有代码
class DAO {
function __construct($pdo) {
$this->db = $pdo;
}
public function registerUser($username, $password, $email, $name) {
$sql = "INSERT INTO users(login, pass, email, fname) VALUES (?, ?, ?, ?)";
$stm = $this->db->prepare($sql);
$stm->execute(func_get_args());
}
public function getUser($username, $password){
$sql = "SELECT id,password FROM users where login=?";
$stm = $this->db->prepare($sql);
$stm->execute([$username]);
$row = $stm->fetch();
if (password_verify($password, $row['password'])) {
$_SESSION['user'] = $row['id'];
return TRUE;
}
}
}
checklogin.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"])) ? $_POST["password"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
// End protection
// Failure
if($dao->getUser($username, $password)){
header("location: login.html");
}
// Successful login
else{
header("location: index.php");
}
?>
<?php
require_once "DAO.php";
require_once "pdo.php";
$dao = new DAO($pdo);
if(isset($_POST["username"]) && $dao->getUser($_POST["username"], $_POST["password"]))
{
header("location: index.php");
} else {
header("location: login.html");
}
不要在PDO中使用mysql\u real\u escape\u字符串。如果您使用了正确的参数,则不需要这样做,这实际上可能是问题的原因,尽管实际的“挂起”很奇怪。这个问题似乎与主题无关,因为它是关于转储所有代码而不将其调试为仅相关的位。复制了所有您拥有的,现在,我的register和login加载一个空白页面,其中URL分别为register.php和checklogin.php。我的注册表以前运行良好,但签入将是一个空白页。
<?php
require_once "DAO.php";
require_once "pdo.php";
$dao = new DAO($pdo);
if(isset($_POST["username"]) && $dao->getUser($_POST["username"], $_POST["password"]))
{
header("location: index.php");
} else {
header("location: login.html");
}
<?php
require_once "DAO.php";
require_once "pdo.php";
$dao = new DAO();
// this section is flawed too but I can't write ALL the app
$username = (isset($_POST["username"])) ? $_POST["username"] : die('Error: Username / Password field was blank');
$password = (isset($_POST["password"])) ? $_POST["password"] : header("location: index.php");
$email = (isset($_POST["email"])) ? $_POST["email"] : "";
$name = (isset($_POST["name"])) ? $_POST["name"] : "";
$dao->registerUser($username, $password, $email, $name);
header("location: appointment.php");
$dsn = "mysql:host=localhost;dbname=webdev;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','secret', $opt);