【发布时间】:2018-09-11 12:40:30
【问题描述】:
我正在考虑基于 OOP 的 PDO 登录表单。我遇到了上面给出的错误。所以我有两个文件,一个是 login.php,一个是名为 functions.inc.php
的包含文件login.php的代码如下。
<?php
include_once("includes/functions.inc.php");
// get username and password from $_POST
if(!empty($_POST)){
$username = $_POST['email'];
$password = $_POST['password'];
// check if a user can login (function)
if(canilogin($username, $password)){
session_start();
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = true;
header('Location: index.php');
}
else{
$error = true;
// if no -> $error tonen
}
}
?><!DOCTYPE html>
<html lang="en">
<body class="login">
<div class="grid container_login">
<div class="login_grid">
<form class="form_login" action="" method="post">
<?php if( isset($error) ): ?>
<div class="form__error">
<p>
Sorry, we can't log you in with that email address and password. Can you try again?
</p>
</div>
<?php endif;?>
<div>
<label for="email">EMAIL</label><br/>
<input type="text" id="email" name="email" placeholder="Lucasdebelder@snapshot.be" required>
</div>
<div>
<label for="password">PASSWORD</label><br/>
<input type="password" id="password" name="password" placeholder="Atleast 8 characters" required>
</div>
<div>
<input type="submit" value="LOG IN" class="btn_login">
</div>
<p class="center_align">Or</p>
<br/>
<a class="center_align" href="register.php">Register here.</a>
</form>
</div>
</body>
</html>
以及发生错误的functions.inc.php,准确地说,它发生在if($result->num_rows != 1){。
前几行也是之前的行,但它是用真正的转义字符串完成的,以防止 SQL 注入,但这有点古怪,我决定尝试将其重新设计为 PDO。
<?php
function canilogin( $username, $password){
/* THIS IS THE OLD WAY THAT WORKED/WORKS
$conn = new mysqli("localhost", "root", "root", "snapshot");
$query = "select * FROM users WHERE email='".$conn->real_escape_string($username). "'";
$result = $conn->query($query);
*/
$conn = new PDO('mysql:host=localhost; dbname=snapshot', 'root', 'root');
//$query = "select * FROM users WHERE email='".$conn->real_escape_string($username). "'";
$statement = $conn->prepare("select * from users where email = :username");
$statement->bindValue(':username', $username);
$statement->execute();
$result = $statement->execute();
if($result->num_rows != 1){
return false;
}
$user = $result->fetch_assoc();
if(password_verify($password, $user['password'])){
return true;
}
else{
return false;
}
}
?>
【问题讨论】:
-
if(!empty($_POST)){是不充分的检查。你不应该execute两次。请务必将所有函数转换为 pdo。 -
你试过 rowCount() 代替 num_rows 吗?
-
PHP PDO - Num Rows的可能重复
-
@mickmackusa 我如何在我的代码中实现它?我还需要将哪些函数转换为 PDO?
-
请将 session_start 放在脚本的最开头(无条件)。在您的 canilogin 函数中实施错误检查。使用重复链接,阅读有关 pdo 的 php 手册,实施我之前的建议,并使用新的失败尝试更新您的问题。发布您的错误。这是任何需要修复代码的开发人员的标准做法。
标签: php pdo login session-cookies