我最近刚开始玩php,我正在测试我的新知识,试图使用数据库制作一个简单的登录页面来存储用户名和密码。一切都很顺利,但我遇到了一堵巨大的墙!出于某种原因,即使我在phpmyadmin中运行sql查询,我的fetch方法$result = $stmt->fetch();也没有返回任何结果,它返回一行就可以了!这与我从表单或加密获取输入的方式有关吗?
这是我的完整代码。谢谢大家温柔,我是全新的哈哈
<?php
include 'inc/db.inc.php';
$link = new PDO(DB_INFO, DB_USER, DB_PASS);
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title></title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width">
<link rel="stylesheet" href="css/style.css">
<script src="js/libs/modernizr-2.5.3.min.js"></script>
</head>
<body>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['register'])) {
$sql = "INSERT INTO account (account_name, account_pass) VALUES (:name, :pass)";
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':pass', $pass);
$name = $_POST["username"];
$pass = md5($_POST["password"]);
$stmt->execute();
echo "Thank you for registering!";
} else if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$sql = "SELECT account_name, account_pass FROM account WHERE account_name=:name AND account_pass=:pass";
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR);
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt->execute();
$result = $stmt->fetch();
print_r($result);
if(empty($name) || empty($pass)){
echo "please enter a username and password!";
} else {
if(empty($result)){
echo "yes";
} else {
echo "no";
}
}
} else {
?>
<form method="post" action="test.php">
<label for="username">Username: </label>
<input type="text" name="username" />
<label for="password">Password: </label>
<input type="password" name="password" />
<input type="submit" name="login" value="Login" />
<input type="submit" name="register" value="register" />
</form>
<?php } ?>
</body>
</html>
您正在对尚未设置的变量使用 $stmt->bindParam。 像这样调整代码:
$sql = "SELECT account_name, account_pass FROM account WHERE account_name=:name AND account_pass=:pass";
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR); // $name needs to be set before this
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR); // $pass needs to be set before this
$stmt->execute();
$result = $stmt->fetch();
print_r($result);
在
绑定参数之前,您不必设置变量吗?
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR);
你有一个非常有趣的做事方式。 嘿。
我只会做这样的事情
$resource = mysql_query($sql);
if(!$resource){
die("query error: ".mysql_error());
}
$count = mysql_num_rows($resource);
if($count > 0){
//match found.
}else{
//incorrect login.
}
也许我只是不习惯你的语法