我从未对pdo做过任何事情,而且我很难在我的login.php文件中将mysql_ *切换为pdo。是否有任何建议如何这样做,并使我的登录安全注射?
的login.php:
session_start();
$username = $_POST ['username'];
$password = $_POST ['password'];
if ($username&&$password)
{
$connect = mysql_connect ("localhost","**********","***********") or die
("Couldn't connect");
mysql_select_db ("*********") or die ("DataBase does not exist");
$query = mysql_query("SELECT * FROM members WHERE username='$username'");
$numrows = mysql_num_rows ($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
$firstname = $row['FirstName'];
}
if ($username==$dbusername&&$password==$dbpassword&&$numrows>0)
{
$_SESSION['name'] = $firstname;
$_SESSION['username'] = $username;
header( 'Location: admin.php' ) ;
exit;
}
else
echo "Incorrect Password!";
}
else
die ("User Doesn't Exist");
}
else
die("Please try again!");
?>
编辑:
dbconnect.php:
<?php
$username = 'root';
$password = '';
$maininf = 'mysql:host=localhost;dbname=;charset=utf8';
$db = new PDO($maininf,$username,$password);
?>
这是正确的吗?
答案 0 :(得分:2)
事实上,这种转换是一项非常简单的任务。你只是从错误的一端接受它。很可能你只是在使用它之前没有学习PDO。事实证明这是不合逻辑的行为:你不应该在获得执照之前学会驾驶吗?同样的事情 - 你必须先学习。所以,find yourself a tutorial,就像来自tuts +的那个,然后阅读它,然后完成所有的例子和练习。然后尝试编写一个你自己的简单代码片段,然后玩一下。从那时起,转换的任务将是小菜一碟!
您可以从PDO tag wiki这里开始
为了完整起见。
session_start();
if ($_POST['password'])
{
include 'pdo.php';
$stmt = $pdo->prepare("SELECT * FROM members WHERE username=?");
$stmt->execute([$_POST['username']]);
$row = $stmt->fetch();
if ($row && $row['password'] == $_POST['password'])
{
$_SESSION['user'] = $row;
header( 'Location: admin.php' ) ;
exit;
}
}
die("Please try again!");