我正在使用我在网上找到的登录脚本。 (http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/)
当我试图让它发挥作用时,我偶然发现了这个错误:
布尔(假) 致命错误:在第25行的/srv/disk3/1446018/www/askmephilosophy.co.nf/session.php中调用非对象上的成员函数bindParam()
我的代码:
<?php
include('config.php');
// Establishing the connection:
$MyConnection = mysqli_connect('hostname', 'user', 'pass', 'database')
or die('An error has occured when you were trying to login. You can return to the main page
by clicking: <a href="index.php">here</a>. <br />
If this error is consistent, please <a href="contact.php">contact us</a>.');
// Information provide by the user:
$username = $_POST['username'];
$password = $_POST['password']; // Text version.
$StatementHandle = $MyConnection->prepare('
SELECT
hash
FROM Users
WHERE
username = :username
LIMIT 1
');
var_dump($StatementHandle);
$StatementHandle->bindParam(':username', $username);
$StatementHandle->execute();
$user = $StatementHandle->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash:
if(crypt($password, $user->hash) == $user->hash) {
echo 'You are logged in. Well, not actually. We only just confirmed that
our system works. This service\'ll cost you $1';
}
?>
答案 0 :(得分:1)
您的连接对象是mysqli,您应该使用PDO连接mysql,如
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';
try {
$dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}