我正在尝试将此登录脚本从mySql转换为PDO,并且SELECT语句适用于user_name但不适用于密码。
显示的错误消息是"SQLSTATE[HY093]: Invalid parameter number: parameter was not defined“。我是否需要为此声明绑定$ hashedPassword?
<?php
session_start();
//Include database connection details & salt
$password = $_POST['password'];
$hashedPassword = sha1($salt . $password);
try {
$stmt_user = $conn->prepare("SELECT * FROM customer_info WHERE user_name = :user_name and password = :hashedPassword");
$stmt_user->bindValue(':user_name', $_POST['user_name'], PDO::PARAM_STR);
$stmt_user->bindValue(':password', $hashedPassword);
$stmt_user->execute();
session_regenerate_id();
$member = $stmt_user->fetch();
$_SESSION['SESS_USER_ID'] = $member['user_id'];
session_write_close();
header("location: launch_member_account.php");
exit();
}catch(PDOException $e) {
echo $e->getMessage();
}
?>
答案 0 :(得分:1)
该语句定义了一个名为:hashedPassword的参数,但bindValue()调用使用了一个名为:password的未知参数。
$stmt_user = $conn->prepare("SELECT * FROM customer_info WHERE user_name = :user_name and password = :hashedPassword");
//---------------------------------------------------------------------------------------------------^^^^^^^^^^^^^^^^^
// Change this to match the statement.
$stmt_user->bindValue(':hashedPassword', $hashedPassword);
参数的命名并不重要,只要它们匹配,最好只在整个应用程序中使它们保持一致。