Php PDO脚本以获取无法工作的行数?
我是PDO PHP新手(今天刚开始)。我也在尝试编写登录函数,但返回false,即使我知道凭据是正确的 我认为这是试图得到的行数是绊倒脚本,你能帮助吗Php PDO脚本以获取无法工作的行数?,php,oop,pdo,Php,Oop,Pdo,我是PDO PHP新手(今天刚开始)。我也在尝试编写登录函数,但返回false,即使我知道凭据是正确的 我认为这是试图得到的行数是绊倒脚本,你能帮助吗 function check_login($email, $username, $password) { $host = 'localhost'; $port = 3306; $database = 'example'; $username = 'root'; $password = ''; $d
function check_login($email, $username, $password)
{
$host = 'localhost';
$port = 3306;
$database = 'example';
$username = 'root';
$password = '';
$dsn = "mysql:host=$host;port=$port;dbname=$database";
$db = new PDO($dsn, $username, $password);
$password = md5($password);
$statement = $db->prepare("SELECT * FROM users WHERE email = ? or username = ? and password = ?");
$statement->execute(array($email, $username, $password));
while ($result = $statement->fetchObject()) {
$sql = "SELECT count(*) FROM users WHERE email = ? or username = ? and password = ?";
$result1 = $db->prepare($sql);
$result1->execute(array($email, $username, $password));
$number_of_rows = $result1->fetchColumn();
if ($number_of_rows == 1)
{
$_SESSION['login'] = true;
$_SESSION['uid'] = $result->uid;
return TRUE;
}
else
{
return FALSE;
}
}
}
WHERE email = ? or username = ? and password = ?
。。。等于:
WHERE email = ? or (username = ? and password = ?)
。。。由于这意味着,如果您使用电子邮件地址进行验证,则无需提供有效密码即可登录username
和email
应定义为唯一索引将返回,那么在时使用循环是没有意义的。这可能有效,但令人困惑
$statement = $db->prepare('SELECT uid FROM users WHERE (email = ? or username = ?) and password = ?');
$statement->execute(array($email, $username, $password));
if ($result = $statement->fetchObject()) {
$_SESSION['login'] = true;
$_SESSION['uid'] = $result->uid;
return TRUE;
}else{
return FALSE;
}
编辑:顺便说一句,您不应该以纯文本形式存储密码。无数的网站被黑客入侵,密码被盗。谷歌搜索咸密码
WHERE email = ? or username = ? and password = ?
。。。等于:
WHERE email = ? or (username = ? and password = ?)
。。。由于这意味着,如果您使用电子邮件地址进行验证,则无需提供有效密码即可登录username
和email
应定义为唯一索引将返回,那么在时使用循环是没有意义的。这可能有效,但令人困惑
$statement = $db->prepare('SELECT uid FROM users WHERE (email = ? or username = ?) and password = ?');
$statement->execute(array($email, $username, $password));
if ($result = $statement->fetchObject()) {
$_SESSION['login'] = true;
$_SESSION['uid'] = $result->uid;
return TRUE;
}else{
return FALSE;
}
编辑:顺便说一句,您不应该以纯文本形式存储密码。无数的网站被黑客入侵,密码被盗。谷歌搜索咸密码