首先,这与登录有关
我正在尝试将数据库中的值存储到我的$_SESSSION变量中。起初,我尝试选择username=user和password=password等所有行
如果它返回>0,那么我尝试获取(PDO::fetch_ASSOC)以获取它的行。问题是,尽管它返回>0,但FETCH_ASSOC
不会将值返回给我。
以下是我迄今为止所做的尝试。
<?php
if(isset($_POST['btn_Save'])){
$uname = $_POST['username'];
$pword = $_POST['password'];
$q = "SELECT * FROM `users` WHERE `username` = :username AND `password` = :password";
$sql = $db->prepare($q);
$sql->bindParam(":username",$uname);
$sql->bindParam(":password",$pword);
$sql->execute();
$rows = $sql->fetch(PDO::FETCH_NUM);
if($rows > 0){
$rows2 = $sql->fetch(PDO::FETCH_ASSOC);
echo $rows2['userID'];
$_SESSION['account'] = $rows2['userID'];
$_SESSION['name'] = $rows2['firstName'];
//echo" <meta http-equiv='refresh' content='0;url=index.php'>";
}
else{
echo"<script>alert('No user found!');</script>";
// echo" <meta http-equiv='refresh' content='0;url=index.php'>";
}
PDO::FETCH_NUM:
返回按结果中返回的列编号编制索引的数组设置,从第0列开始
所以不能将你的数组与低于的if条件进行比较
$rows = $sql->fetch(PDO::FETCH_NUM);
if($rows > 0){
在您的代码中,您正在尝试fetch data two times
。你可以在单次中完成
将其用作
$q = "SELECT * FROM `users` WHERE `username` = :username AND `password` = :password";
$sql = $db->prepare($q);
$sql->bindParam(":username", $uname);
$sql->bindParam(":password", $pword);
$sql->execute();
$rows2 = $sql->fetch(PDO::FETCH_ASSOC);
if (count($rows2) > 0) {
$_SESSION['account'] = $rows2['userID'];
$_SESSION['name'] = $rows2['firstName'];
//echo" <meta http-equiv='refresh' content='0;url=index.php'>";
} else {
echo"<script>alert('No user found!');</script>";
// echo" <meta http-equiv='refresh' content='0;url=index.php'>";
}
阅读rowCount
此外,您正在将普通密码存储到数据库中
读取密码散列技术
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/faq.passwords.php