已更新...
我正在编写准备好的语句,但收到以下错误消息:
注意:未定义的索引:用户名在 C:''Program Files (x86(''EasyPHP-12.1''www''inlogg_och_lagar''core.inc.php 在第 34 行
致命错误:未捕获的异常"PDOException",消息为"SQLSTATE[42000]":语法错误或访问冲突:1064 您的 SQL 语法有错误;请查看与您的 MySQL 服务器版本对应的手册,了解在 C:''Program Files (x86(''EasyPHP-12.1''www''inlogg_och_lagar''core.inc.php:34 中第 1 行"附近使用的正确语法 堆栈跟踪: #0 C:''Program Files (x86(''EasyPHP-12.1''www''inlogg_och_lagar''core.inc.php(34(: PDOStatement->execute(Array( #1 C:''Program Files (x86(''EasyPHP-12.1''www''inlogg_och_lagar''index.php(23(: getuserrow('username'( #2 {main} 在 C:''Program Files (x86(''EasyPHP-12.1''www''inlogg_och_lagar''core.inc.php 在第 34 行抛出
有人可以告诉我我做错了什么吗?这是一个简单的登录脚本。
这是loginform.inc.php
<?php
if (isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'] ;
$password = $_POST['password'] ;
$password_hash = md5 ($password);
if ($username && $password)
{
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
if (!$rows)
{
echo '<p class="warning">Fel användarnamn/lösenords kombination.</p>';
} else {
$_SESSION['user_id'] = $row;
header('Location: index.php');
exit;
}
} else {
echo '<p class="warning">Du måste fylla i ett användarnamn och lösenord</p>';
}
}
?>
<!--- LOGIN FORM --->
<div id="form-column">
<p>You need to be loggedin.</p>
<p>Fill out username and password.</p>
<form action="<?php echo $current_file; ?>" method="POST">
Användarnamn: <input type="text" name="username">
Lösenord: <input type="password" name="password">
<input type="submit" value="Log in">
</form>
</div>
这是核心.inc.php
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['HTTP_REFERER'])&&!empty($_SERVER['HTTP_REFERER'])) {
$http_referer = $_SERVER['HTTP_REFERER'];
}
function loggedin () {
if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
return true;
} else {
return false;
}
}
function getuserrow ($row) {
$sql ="SELECT * FROM USERDATA where id = ?".$_SESSION['user_id']."'";
global $pdo;
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
}
?>
这是connect.inc.php
<?php
$dsn = "mysql:host=localhost;dbname=users;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','', $opt);
?>
您的 PDO 对象被定义为 $pdo ,但后来被引用为 $dbh :
-
从
connect.inc.php:$pdo = new PDO($dsn,'root','', $opt); -
从
loginform.inc.php:global $dbh; // ... $stmt = $dbh->prepare($sql);
此外,loginform.inc.php似乎不包括connect.inc.php。
您在 $stmt->execute(array($_POST['username'])) 处缺少第二个参数它应该是
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username'], md5($_POST['password'])));//<== here
替换这个,
global $pdo; // <- You don't need this one
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
跟
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
为了避免这种情况,您最好坚持使用命名占位符而不是未命名占位符(如?(。