我有以下功能
public function checkLogin($username, $password){
$select_query = $this->connect()->prepare("SELECT `username` , `password` FROM `users`
WHERE `username` = :username AND `password` = :password");
$select_query->bindParam(':username', $username);
$select_query->bindParam(':password', $password);
try{
$select_query->execute();
} catch(PDOException $ex) {
echo "An Error occured while checking for username!\n"; //user friendly message
logger($ex->getMessage());
}
return ($select_query->fetchColumn() > 0) ? true : false;
}
当$ username是test并且$ password是password时,alwasy什么都不返回,当我从phpMyAdmin运行sql时,它会给出正确的结果。这是我在phpMyAdmin上运行的
SELECT `username` , `password`
FROM `users`
WHERE `username` = 'test'
AND `password` = 'password'
它返回1个正确的用户。
答案 0 :(得分:0)
尝试指定参数的类型:
$select_query->bindParam(':username', $username, PDO::PARAM_STR);
$select_query->bindParam(':password', $password, PDO::PARAM_STR);
答案 1 :(得分:0)
此外,您可以使用bindValue
代替bindParam
$select_query->bindValue(':username', $username);
$select_query->bindValue(':password', $password);
答案 2 :(得分:0)
再看一下你的sql语句:
"SELECT `username`, `password`
FROM `users`
WHERE `username` = :username AND `password` = :password"
因为您正在搜索字符串数据类型,所以需要将:username和:password slugs包装在单引号中。试试这个,它应该可以解决问题。