Php PDO验证登录数据
好的。。我对PDO的东西完全陌生。。我已尝试将我的mysql脚本(工作)重新创建为PDO脚本(不工作)。。我已经测试了我的数据库登录信息是否正确编程用于PDO 这是我的PDO脚本Php PDO验证登录数据,php,mysql,sql,pdo,Php,Mysql,Sql,Pdo,好的。。我对PDO的东西完全陌生。。我已尝试将我的mysql脚本(工作)重新创建为PDO脚本(不工作)。。我已经测试了我的数据库登录信息是否正确编程用于PDO 这是我的PDO脚本 <? session_start(); //connect to DB require_once("connect.php"); //get the posted values $email=htmlspecialchars($_POST['email'],ENT_QUOTES); $pass=md5($_P
<?
session_start();
//connect to DB
require_once("connect.php");
//get the posted values
$email=htmlspecialchars($_POST['email'],ENT_QUOTES);
$pass=md5($_POST['psw']);
//now validating the email and password
$sql - $conn_business->prepare( "SELECT email, password FROM members WHERE email='".$email."'");
$sql -> execute();
$count = $sql->rowCount();
$result = $sql -> fetch();
// Now use $result['rowname'];
$stmt = $conn_business->prepare("SELECT * FROM members WHERE email='".$email."'");
$stmt ->execute();
$act = $stmt -> fetch();
//if email exists
if($count > 0)
{
//compare the password
if(strcmp($result["password"],$pass)==0)
{
// check if activated
if($act["activated"] == "0")
{
echo "act"; //account is not activated yet
}
else
{
echo "yes"; //Logging in
//now set the session from here if needed
$_SESSION['email'] = $email;
}
}
else
echo "no"; //Passwords don't match
}
else
echo "no"; //Invalid Login
?>
session_start();
require_once("connect.php");
//get the posted values
$email=htmlspecialchars($_POST['email'],ENT_QUOTES);
$pass=md5($_POST['psw']);
//now validating the username and password
$sql="SELECT email, password members WHERE email='".$email."'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$sql2="SELECT * FROM members WHERE email='".$email."'";
$result2=mysql_query($sql2);
$row2=mysql_fetch_array($result2);
$act = $row2['activated'];
//if username exists
if(mysql_num_rows($result)>0)
{
//compare the password
if(strcmp($row['password'],$pass)==0)
{
// check if activated
if($act == "0")
{
echo "act";
}
else
{
echo "yes";
//now set the session from here if needed
$_SESSION['email'] = $email;
}
}
else
echo "no";
}
else
echo "no"; //Invalid Login
然后我把$sql后面的“-”改为“=”,现在,一切都很完美。。。无论如何,谢谢大家。。希望此代码可以帮助其他人。我相信脚本中的第二个查询不是必需的,您可以简单地执行
SELECT * FROM members WHERE email=:EMAIL AND password=:PWS;
$qCredentials->bindParam(":EMAIL",$EMAIL);
$qCredentials->bindParam(":PWS",$PWS);
对于无效的值类型,请尝试“无法登录:提供的凭据无效”,对于无效的用户凭据,请尝试“无法登录:凭据无效,找不到用户”。
如果用户成功登录到您的IF条件并返回yes,您可以尝试启动会话,方法
$PDOstatement->debugDumpParams()
$PDOstatement->errorInfo()
$PDOstatement->errorCode()
将帮助您了解查询的错误 在“开始使用”PDO之前,您是否阅读了手册
- 这不是准备好的语句应该被使用的方式!您的代码中充满了SQL注入
- 为什么选择同一行两次
- 如果一个字符串与另一个字符串相同,则用于检查的是而不是
- 将密码散列为简单的MD5只是一个病态的笑话
session_start(); //very stupid way to acquire connection require_once("connect.php"); //get the posted values $email = htmlspecialchars($_POST['email'],ENT_QUOTES); if (filter_var( $email, FILTER_VALIDATE_EMAIL)) { // posted value is not an email } // MD5 is not even remotely secure $pass = md5($_POST['psw']); $sql = 'SELECT email, password, activated FROM members WHERE email = :email'; $statement = $conn_business->prepare($sql); $statement->bindParam(':email', $email, PDO::PARAM_STR); $output = 'login error'; if ($statement->execute() && $row = $statement->fetch()) { if ( $row['password'] === $pass ) { // use account confirmed if ( $row['activated'] !== 0 ) { $output = 'not activated'; $_SESSION['email'] = $email; } $output = 'logged in'; } } echo $output;