当我尝试登录我的网站时收到此错误消息:数据库错误:SQLSTATE [HY093]:参数号无效:参数未定义 我不确定这甚至意味着什么,即使在谷歌上搜索它。 这是我的代码:
<?php
//declaring variables and assigning values from log in form
//validate text was entered in UserName text box
if(empty($_POST['txtUserName']))
{
showForm(null);
exit();
}
else
{
$User_Name = $_POST['txtUserName'];
}
//validate text was entered in password text box
if(empty($_POST['txtPassword']))
{
showForm(null);
exit();
}
else
{
$Password = $_POST['txtPassword'];
}
if ($PasswordForm != Password($User_Name))
{
showForm('Customer ID and Password did not match. Please try again!');
exit();
}
function Password($User_Name)
{
//$UserName = $_GET['txtUserName'];
//$Password = $_GET['txtPassword'];
//declare and assign values to variables
$dsn = 'mysql:host=XXX;dbname=XXX';
$username='XXX';
$password='XXX';
//variable for errors
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
//try to run code
try {
//object to open database
$db = new PDO($dsn,$username,$password, $options);
//check username against password
$SQL = $db->prepare("Select Password from user where USER_NAME = :USER_NAME");
$SQL->bindValue(':User_Name', $User_Name);
$SQL->execute();
$username = $SQL->fetch();
if($username === false)
{
$Password = null;
}
else
{
$Password = $username['Password'];
}
return $Password;
$SQL->closeCursor();
$db = null;
} catch(PDOException $e){
$error_message = $e->getMessage();
echo("<p>Database Error: $error_message</p>");
exit();
}
}
function showForm($formMessage = "Please Enter Valid User ID and Password")
{ ?>
答案 0 :(得分:0)
PHP区分大小写,这意味着:User_Name与以下内容不同:USER_NAME。
因此改变
:USER_NAME to :User_Name
答案 1 :(得分:0)
<?php
//declaring variables and assigning values from log in form
//validate text was entered in UserName text box
if(empty($_POST['txtUserName']))
{
showForm(null);
exit();
}
else
{
$User_Name = $_POST['txtUserName'];
}
//validate text was entered in password text box
if(empty($_POST['txtPassword']))
{
showForm(null);
exit();
}
else
{
$Password = $_POST['txtPassword'];
}
if ($Password != Password($User_Name))
{
include "teamc/index.php";
}
else
{
showForm('Customer ID and Password did not match. Please try again!');
exit();
}
function Password($User_Name)
{
//$UserName = $_GET['txtUserName'];
//$Password = $_GET['txtPassword'];
//declare and assign values to variables
$dsn = 'mysql:host=XXX;dbname=XXX';
$username='XXX';
$password='XXX';
//variable for errors
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
//try to run code
try {
//object to open database
$db = new PDO($dsn,$username,$password, $options);
//check username against password
$SQL = $db->prepare("Select USER_PASSWORD FROM user WHERE USER_NAME = :USER_NAME");
$SQL->bindValue(':USER_NAME', $User_Name);
$SQL->execute();
$username = $SQL->fetch();
if($username === false)
{
$Password = null;
}
else
{
$Password = $username['USER_PASSWORD'];
}
return $Password;
$SQL->closeCursor();
$db = null;
} catch(PDOException $e){
$error_message = $e->getMessage();
echo("<p>Database Error: $error_message</p>");
exit();
}
}
function showForm($formMessage = "Please Enter Valid User ID and Password")
{ ?>