我认识到的一件事是我在PDO Prepared中设置的条款只有两个这样的条款:
WHERE myemail = :myemail AND mypassword = :mypassword
所以,我现在想要尝试的是我想在PDO Prepared中设置三个子句,如下所示:
WHERE myemail = :myemail, mypassword = :mypassword, AND username = :username
但我不确定我是否正确这样做。我只是学习php(自学成才)。
我问这个问题是因为索引页面只显示正确的电子邮件地址会话但用户名错误。
当我使用“someone@mail.com”的电子邮件从“某人”的用户名登录时,索引页面会显示会话的正确用户名和电子邮件地址。
但是,当我从“somebody”的用户名登录“somebody@mail.com”的电子邮件时,索引页面显示正确的电子邮件(somebody@ymail.com),但用户名错误(某人)没有(某人)。
这是我的代码:
// Define $myusername and $mypassword
$myemail=$_POST['myemail'];
$mypassword=$_POST['mypassword'];
// We Will prepare SQL Query
$STM = $dbh->prepare("SELECT * FROM newuser WHERE myemail = :myemail AND mypassword = :mypassword");
// bind paramenters, Named paramenters alaways start with colon(:)
$STM->bindParam(':myemail', $myemail);
$STM->bindParam(':mypassword', $mypassword);
// For Executing prepared statement we will use below function
$STM->execute();
// Count no. of records
$count = $STM->rowCount();
//just fetch. only gets one row. So no foreach loop needed :)
$row = $STM -> fetch();
// User Redirect Conditions will go here
if ( $count == 1 ) {
$_SESSION['login_id'] = $row['id'];
$_SESSION['username'] = $row['username']; // added
$_SESSION['myemail'] = $row['myemail']; // added
if ( $_SESSION['login_id'] != '' || $_SESSION['login_id'] > 0 ) { // edited
header("location: index.php");
} else {
header("location: login3.html");
}
}
<?php
include('UserSessionAdmin.php');
$username = $_SESSION['username'];
$myemail = $_SESSION['myemail'];
?>
<body>
<?php echo $username; ?>
<?php echo $myemail; ?>
</body>
UserSessionAdmin.php
<?php
session_start();
if ( $_SESSION['login_id'] == 0 || $_SESSION['login_id'] == '' ) {
header('location: login.html');
exit();
}
require_once('configPDO.php');
?>
更新:
当我在echo var_dump($row);行之前添加$count==1时,该页面会显示以下结果:
array(6) { ["username"]=> string(8) "Somebody" [0]=> string(8) "Somebody" ["myemail"]=> string(17) "somebody@mail.com" [1]=> string(17) "somebody@mail.com" ["mypassword"]=> string(8) "thebest2" [2]=> string(8) "thebest2" }
答案 0 :(得分:3)
WHERE myemail = :myemail, mypassword = :mypassword, AND username = :username
在那里扔另一个AND:
WHERE myemail = :myemail AND mypassword = :mypassword AND username = :username
当我使用“someone@mail.com”的电子邮件从“某人”的用户名登录时,索引页面会显示正确的用户名和电子邮件地址。
您应该使用数据库中的数据作为事实来源,而不是用户在表单中输入的内容。进行查询并仅依赖结果集中的数据。
答案 1 :(得分:1)
在WHERE查询中的每个子句之间使用AND,如下所示:
WHERE myemail = :myemail AND mypassword = :mypassword AND username = :username
用于选择字段。 (以及其他一些事情,但不是将WHERE子句串在一起)
编辑:自从给出这个答案以来,这个问题已经发生了严重的变化,所以它已经不再适用了。答案 2 :(得分:1)
从你的说法来看,这很奇怪,这就是我将如何调试它:
header("location: index.php?username=".$row['username]."&myemail=".$row['myemail']);
然后
<?php
include('UserSessionAdmin.php');
//$username = $_SESSION['username'];
//$myemail = $_SESSION['myemail'];
$username = $_GET['username'];
$myemail = $_GET['myemail'];
?>
<body>
<?php echo $username; ?>
<?php echo $myemail; ?>
</body>
这不是一个直接的答案,这将帮助您缩小问题的范围。
如果这有效,很明显SESSION对此负责。
<小时/> 修改
$_GET仅用于调试,当然它并不适用于此。
现在我们知道它的会话,你总是需要确保它已经启动。
设置时:
if ( $count == 1 ) {
session_start();
$_SESSION['login_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['myemail'] = $row['myemail'];
...
}
当你得到它时:
include('UserSessionAdmin.php');
session_start();//again!
$username = $_SESSION['username'];
$myemail = $_SESSION['myemail'];