我通常会检查空结果:mysql_fetch_assoc
但是,我正在使用PDO作为客户端,在这个登录函数中,我想返回一些文本或数字或布尔值来表示是否找到了一行。
public function Login ($email,$password)
{
$sqlQuery="SELECT * FROM db_user WHERE email= '".$email."' AND password='".$password." '";
$statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
$statement -> execute();
$dataSet= [];
if(mysql_num_rows($statement) == 1){
echo 'login true';
} else {
echo 'login false';
}
答案 0 :(得分:2)
其他两个答案基本上都是不可接受的 并不是因为他们缺乏清洁,而是因为他们非常危险
public function Login ($email,$password)
{
$sql="SELECT 1 FROM db_user WHERE email=? AND password=?";
$stmt = $this->_dbHandle->prepare($sql);
$statement -> execute([$email, $password]);
return $stmt->fetchColumn();
}
你应该使用准备好的陈述,而不仅仅是模仿它们。
答案 1 :(得分:0)
$sqlQuery="SELECT * FROM db_user WHERE email= '".$email."' AND password='".$password." '";
$statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO statement
$statement -> execute();
$rows = $statement ->fetch(PDO::FETCH_ASSOC);
if( ! $rows)
{
die('Empty Records');
}
答案 2 :(得分:0)
$sqlQuery= "SELECT * FROM db_user WHERE email= ? AND password= ?";
$statement = $this->_dbHandle->prepare($sqlQuery); // prepare a PDO
// pass parameter to tackle [SQL Injection][1]
$stmt->execute(array($email, $password));
$result = $stmt->fetch();
if( $result ) {
echo "login true";
}else{
echo "login false";
}