class User{
protected $pdo;
function __construct($pdo){
$this->pdo = $pdo;
}
public function checkInput($var){
$var = htmlspecialchars($var);
$var = trim($var);
$var = stripcslashes($var);
return $var;
}
这是我检查表的代码
public function login ($email, $password){
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password ");
$stmt ->bindParam(":email", $email, PDO::PARAM_STR);
$hashed_pass = md5($password);
$stmt ->bindParam(":password", $hashed_pass , PDO::PARAM_STR);
$stmt ->execute();
$user = $stmt->fetch(PDO::FETCH_OBJ);
$count = $stmt->rowCount();
在这里,我试图将用户重定向到首页,但不重新加载
if ($count > 0) {
$_SESSION['user_id'] = $user ->user_id;
header('Location: home.php');
}else{
return false;
}
} }
这是有条件的登录代码
if(isset($_POST['login']) && !empty($_POST['login'])) {
$email = $_POST['email'];
$password = $_POST['password'];
if (!empty($email) or !empty($password)) {
$email = $getFromU->checkInput($email);
$password = $getFromU->checkInput($password);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = "Invalid Format";
}else{
if($getFromU->login( $email, $password) === false){
$error = "The email or password is incorrect!!!!";
}
}
}else{
$error = "please valid enter username and password!";
}
}
我在哪里弄错我感到困惑....
答案 0 :(得分:-2)
对于SQL查询中的列和表名,应使用反引号(`)而不是撇号('):
$stmt = $this->pdo->prepare("SELECT `user_id` FROM `users` WHERE `email` = :email
AND `password` = :password ");