我最近刚刚开始使用php,我正在测试我的新知识,尝试使用数据库创建一个简单的登录页面来存储用户名和密码。一切进展顺利,但我遇到了一堵巨大的墙!由于某种原因,我的fetch方法$result = $stmt->fetch();
没有返回任何结果,即使我在phpmyadmin中运行sql查询它返回一行就好了!这与我从表单或加密中获取输入的方式有关吗?
这是我的完整代码。谢谢你们温柔我是这个哈哈的新手
<?php
include 'inc/db.inc.php';
$link = new PDO(DB_INFO, DB_USER, DB_PASS);
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title></title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width">
<link rel="stylesheet" href="css/style.css">
<script src="js/libs/modernizr-2.5.3.min.js"></script>
</head>
<body>
<?php
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['register'])) {
$sql = "INSERT INTO account (account_name, account_pass) VALUES (:name, :pass)";
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name);
$stmt->bindParam(':pass', $pass);
$name = $_POST["username"];
$pass = md5($_POST["password"]);
$stmt->execute();
echo "Thank you for registering!";
} else if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$sql = "SELECT account_name, account_pass FROM account WHERE account_name=:name AND account_pass=:pass";
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR);
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt->execute();
$result = $stmt->fetch();
print_r($result);
if(empty($name) || empty($pass)){
echo "please enter a username and password!";
} else {
if(empty($result)){
echo "yes";
} else {
echo "no";
}
}
} else {
?>
<form method="post" action="test.php">
<label for="username">Username: </label>
<input type="text" name="username" />
<label for="password">Password: </label>
<input type="password" name="password" />
<input type="submit" name="login" value="Login" />
<input type="submit" name="register" value="register" />
</form>
<?php } ?>
</body>
</html>
答案 0 :(得分:2)
您对尚未设置的变量使用$stmt->bindParam
。像这样调整你的代码:
$sql = "SELECT account_name, account_pass FROM account WHERE account_name=:name AND account_pass=:pass";
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt = $link->prepare($sql);
$stmt->bindParam(':name', $name, PDO::PARAM_STR); // $name needs to be set before this
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR); // $pass needs to be set before this
$stmt->execute();
$result = $stmt->fetch();
print_r($result);
答案 1 :(得分:0)
在绑定参数之前,是否必须设置变量?
$pass = strip_tags(md5($_POST["password"]));
$name = strip_tags($_POST["username"]);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':pass', $pass, PDO::PARAM_STR);
答案 2 :(得分:0)
你有一种非常有趣的做事方式。 HEH。
我会做类似
的事情$resource = mysql_query($sql);
if(!$resource){
die("query error: ".mysql_error());
}
$count = mysql_num_rows($resource);
if($count > 0){
//match found.
}else{
//incorrect login.
}
也许我只是习惯了你的语法