...更新
我正在编写预备语句,我收到此错误消息:
注意:未定义的索引:第34行的C:\ Program Files(x86)\ EasyPHP-12.1 \ www \ inlogg_och_lagar \ core.inc.php中的用户名
致命错误:带有消息'SQLSTATE [42000]的未捕获异常'PDOException':语法错误或访问冲突:1064 SQL语法中有错误;查看与您的MySQL服务器版本相对应的手册,以便在C:\ Program Files(x86)\ EasyPHP-12.1 \ www \ inlogg_och_lagar \ core.inc.php中的第1行'''附近使用正确的语法:34 Stack跟踪:#0 C:\ Program Files(x86)\ EasyPHP-12.1 \ www \ inlogg_och_lagar \ core.inc.php(34):PDOStatement-> execute(Array)#1 C:\ Program Files(x86)\ EasyPHP -12.1 \ www \ inlogg_och_lagar \ index.php(23):getuserrow('username')#2 {main}抛出C:\ Program Files(x86)\ EasyPHP-12.1 \ www \ inlogg_och_lagar \ core.inc.php on第34行
有人能告诉我我做错了什么吗? 这是一个简单的登录脚本。
这是loginform.inc.php
<?php
if (isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'] ;
$password = $_POST['password'] ;
$password_hash = md5 ($password);
if ($username && $password)
{
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
if (!$rows)
{
echo '<p class="warning">Fel användarnamn/lösenords kombination.</p>';
} else {
$_SESSION['user_id'] = $row;
header('Location: index.php');
exit;
}
} else {
echo '<p class="warning">Du måste fylla i ett användarnamn och lösenord</p>';
}
}
?>
<!--- LOGIN FORM --->
<div id="form-column">
<p>You need to be loggedin.</p>
<p>Fill out username and password.</p>
<form action="<?php echo $current_file; ?>" method="POST">
Användarnamn: <input type="text" name="username">
Lösenord: <input type="password" name="password">
<input type="submit" value="Log in">
</form>
</div>
这是core.inc.php
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['HTTP_REFERER'])&&!empty($_SERVER['HTTP_REFERER'])) {
$http_referer = $_SERVER['HTTP_REFERER'];
}
function loggedin () {
if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
return true;
} else {
return false;
}
}
function getuserrow ($row) {
$sql ="SELECT * FROM USERDATA where id = ?".$_SESSION['user_id']."'";
global $pdo;
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
}
?>
这是connect.inc.php
<?php
$dsn = "mysql:host=localhost;dbname=users;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','', $opt);
?>
答案 0 :(得分:1)
您的PDO对象定义为$pdo,但后来被称为$dbh:
来自connect.inc.php:
$pdo = new PDO($dsn,'root','', $opt);
来自loginform.inc.php:
global $dbh;
// ...
$stmt = $dbh->prepare($sql);
此外,loginform.inc.php似乎不包含connect.inc.php。
答案 1 :(得分:1)
您在$stmt->execute(array($_POST['username']))错过了第二个参数
它应该是
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username'], md5($_POST['password'])));//<== here
答案 2 :(得分:1)
替换它,
global $pdo; // <- You don't need this one
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
与
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
为了避免像这样的情况,你最好坚持使用命名占位符而不是未命名的占位符(如?)。