PHP / MYSQL根据另一个标准检索名称

时间:2012-10-02 17:24:19

标签: php mysql database login pdo

所以我有一个登录系统,我想检索登录人员的名字。这是我的php:

function verify_Username_and_Pass($un, $pwd) {
        $query = "SELECT `First Name`, Username, Password
                FROM table
                WHERE Username = :un AND Password = :pwd
                LIMIT 1";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(':un', $un);
        $stmt->bindParam(':pwd', $pwd);
        $stmt->execute();

        if ($stmt->rowCount() > 0) {
            // User exist
            return true;
            $stmt->close();
        }
        else {
            // User doesn't exist
            return false;
            $stmt->close();
        }
    }

这是一个拥有1个私有变量$ conn的类的一部分。登录工作完美,但我只想获得该人的名字。我该怎么做?

5 个答案:

答案 0 :(得分:1)

首先,永远不要从数据库中获取密码,这只是非常糟糕的做法。

其次,如果只返回一行,您只想接受用户正确。

最后bindColumn正是您要找的。 

<?php
function verify_Username_and_Pass($un, $pwd) {
    $query = "SELECT `First Name`, Username
              FROM table
              WHERE Username = :un AND Password = :pwd";
    // Don't limit the query to only one, if there is a chance that you can
    // return multiple rows, either your code is incorrect, bad data in the database, etc...

    $stmt = $this->conn->prepare($query);
    $stmt->bindParam(':un', $un);
    $stmt->bindParam(':pwd', $pwd);
    $stmt->execute();

    // Only assume proper information if you ONLY return 1 row.
    // Something is wrong if you return more than one row...
    if ($stmt->rowCount() == 1) {
        // User exist
        $stmt->bindColumn('First Name', $firstName);
        $stmt->bindColumn('Username', $username);
        // You can now refer to the firstName and username variables.
        return true;
        $stmt->close();
    } else {
        // User doesn't exist
        return false;
        $stmt->close();
    }
}
?>

那应该适合你。

答案 1 :(得分:0)

只需更改查询语句吗?

    $query = "SELECT `First Name`
            FROM table 
            WHERE Username = :un AND Password = :pwd 
            LIMIT 1";

如果抛出错误,则必须显示更多类正在执行的操作以管理db事务

答案 2 :(得分:0)

只需更改此行,即可在查询中仅选择First Name

 $query = "SELECT `First Name`, Username, Password
            FROM table
            WHERE Username = :un AND Password = :pwd
            LIMIT 1";` 
     to 

 $query = "SELECT `First Name`
            FROM table
            WHERE Username = :un AND Password = :pwd
            LIMIT 1";`

答案 3 :(得分:0)

您需要将结果绑定到下面

    if ($stmt->rowCount() > 0) {
        $stmt->bind_result($fname, $uname, $pwd);
        $stmt->fetch()
        echo $fname // here you get firsname

        // either you can return this $fname or store into session variable for further

        // User exist
        return true;
        $stmt->close();
    }
    else {
        // User doesn't exist
        return false;
        $stmt->close();
    }

答案 4 :(得分:0)

在您返回true的部分中,您可以返回实际的用户数据(无论如何,数据的数组都将评估为true)。

警告,您应该使用散列密码。不要存储密码y plain。

相关问题
最新问题