使用PDOStatement :: fetch(),如mysql_fetch_array

时间:2014-04-07 18:48:20

标签: php pdo fetch

所以,我正在尝试将PDO用于登录表单以防止MYSQL注入,并且我遇到了一个问题。虽然之前我使用过这样的代码:

$fuser = $_POST['fusername'];
$fpass = $_POST['fpassword'];
$query = "SELECT * FROM person WHERE username='$fuser' AND password='$fpass'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num==1) {
$row = mysql_fetch_array($result);
extract($row);
$_SESSION['auth'] = "yes";
$_SESSION['uname'] = $fuser;
$_SESSION['lev'] = $accesslevel;

我现在正尝试使用PDO执行此操作(忽略变量名称中的更改)

$loginemail = $_POST['lemail'];
$loginpass = $_POST[('lpassword')];
$loginpass = sha1($loginpass);
$query = $hsdbc->prepare('SELECT * FROM user WHERE email = 
:loginemail and password = :loginpass');
$query->bindParam(':loginemail', $loginemail, PDO::PARAM_STR, 75);
$query->bindParam(':loginpass', $loginpass, PDO::PARAM_STR, 255);
$query->execute();
if ($query->rowCount() == 1 ){

但是,我不确定如何分配会话变量的最后一部分。我已经研究了fetch并且可能认为FETCH_CLASS可能是答案,但我不确定

1 个答案:

答案 0 :(得分:0)

首先, NOT 使用extract,是否容易出错并且容易出错。

其次,你错过了提取部分:

if ($query->rowCount() == 1 ){
    $data = $query->fetch(PDO::FETCH_ASSOC);
    $_SESSION['auth'] = "yes";
    $_SESSION['uname'] = $data['fuser'];
    $_SESSION['lev'] = $data['access_level'];
}