try {
$pdo = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);
} catch (PDOException $e){
exit('Datebase error.');
}
// db login info is already defined, just didnt post it here
$username = $_GET["user"];
$password = $_GET["passwd"];
//$data = mysqli_query($mysqli, "SELECT * FROM users WHERE username='".$username."'");
//$hash = mysqli_fetch_object($data);
$query = "SELECT username, password, loginreqkey, banned FROM users WHERE username='$username'";
//if (password_verify('rasmuslerdorf', $hash)) {
if ($stmt = $pdo->prepare($query)) {
$stmt->execute(array($username, $password, $loginreqkey, $banned));
//$stmt->bind_result($username, $password, $loginreqkey, $gbanned);
// $result = $stmt->fetch(PDO::FETCH_LAZY);
//$dt = $stmt->fetchAll() ;
//$query->execute(array($username, $password));
if (password_verify($password, $result['password'])) {
while($r = $stmt->fetchAll(PDO::FETCH_ASSOC)){
echo "{";
echo '"state": "success",';
echo '"loginreqkey": "' . $r['loginreqkey'] . '",';
echo '"banstatus": "' . $r['banned'] . '"';
echo "}";
}
/* close statement */
$stmt = null;
} else {
die("fake pw lol");
}
/* close connection */
$pdo = null;
}
//}
尝试将我的代码从MySQLi转换为PDO并遇到问题......试图获取查询中的所有信息并验证用户密码,然后回显其余信息,(对于虚幻项目)尝试了PHP文档和Stackoverflow上的几个解决方案,但它们通常只是为了向MySQL服务器发送信息。
$username = $_GET["user"];
$password = $_GET["passwd"];
$pdo = new PDO("mysql:host=$dbhost;dbname=$dbname;charset=utf8", $dbusername, $dbpassword, array(
PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION // ....since there is no further error handling in the script
));
$stmt = $pdo->prepare("SELECT username, password, loginreqkey, banned FROM users WHERE username=:username");
$stmt->bindParam(':username', $username);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result && password_verify($password, $result['password'])) {
echo json_encode [
"state" => "success",
"loginreqkey" => $result['loginreqkey'],
"banstatus" => $result['banned'],
];
}
这就是我会怎么做。
只是为了完整起见:看起来您已经尝试通过 $stmt->execute(array(...))
绑定结果字段。这不是PDO的工作方式。
如果你想这样做,你必须使用PDOStatement::bindColumn,例如
$pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8', 'localonly', 'localonly', array(
PDO::ATTR_EMULATE_PREPARES=>false,
PDO::MYSQL_ATTR_DIRECT_QUERY=>false,
PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION
));
setup($pdo);
$username = $_GET["user"];
$password = $_GET["passwd"];
$query = sprintf(
"SELECT username, `password`, loginreqkey, banned FROM users WHERE username='%s'",
$pdo->quote($username)
);
$stmt = $pdo->query($query);
$stmt->bindColumn(1, $username);
$stmt->bindColumn(2, $password);
$stmt->bindColumn(3, $loginreqkey);
$stmt->bindColumn(4, $banned);
if ( !$stmt->fetch(PDO::FETCH_BOUND) ) {
noSuchRecordHandler();
}
else if (!password_verify($password, $result['password'])) {
wrongPasswordHandler();
}
else {
// would be "nice" if there was something like header('Content-type: application/json'); prior to sending the json data
echo json_encode([
"state" => "success",
"loginreqkey" => loginreqkey,
"banstatus" => $banned,
]);
}
但我建议按照SGR的答案进行操作。