此代码包含在SQL.php文件中,该文件包含SQL的所有函数:
function check_login($ user_name,$ password){
#create the PDO object
/**
* Used to instanciate the host of the server
* @var string
*/
$hostname = 'localhost';
/**
* Used to instanciate the username to connect to the server
* @var string
*/
$username = 'ODBC';
/**
* Used to instanciate the password to connect to the server
* @var string
*/
$pass = "";
/**
* Used to instanciate the database name
* @var string
*/
$db_name = 'bloggie_db';
try{
mysql_query("SET NAMES 'utf8");
$dbh = new PDO("mysql:host=$hostname;dbname=$db_name" , $username, $pass);
#set PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
#Check to see if the user exists
$stmt = $dbh->query("SELECT password, username, firstname, surname FROM users WHERE username = '" . $user_name . "'");
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$check_username = $row['username'];
$check_password = $row['password'];
$name = $row['firstname'];
$surname = $row['surname'];
if ($row){
if($check_password=$password & $check_username=$user_name){
header("Content-Type: text/html; charset=utf-8");
echo 'pass check= ' . $check_password . ' password= '. $password . ' firstname= ' . $name . ' surname= ' . $surname;
return array($name, $surname);
}else{
echo "Your details are invalid.";
return false;
}
}else{
echo "Your account does not exist";
}
}catch(PDOException $e){
$e->getTrace();
}
$dbh = null;
}
当打印密码时,我得到一个包含gaves的奇怪值,例如" dapb`"当值实际上应该是6544时。
在Login.php中,我调用了sql函数:
/**
* Requesting the users username from Bloggie_Welcome.php
* @var string
*/
$username = $_REQUEST['Email'];
/**
* Retrieving the users password from Bloggie_Welcome.php
* @var string
*/
$password = $_REQUEST['Password'];
#Including the path to the validation object
include '../Objects/SQL.php';
#Instanciating the SQL object
$sql = new SQL();
#Calling the sql function check_login
$details = $sql->check_login($username, $password);
session_start();
if(isset($details)){
$_SESSION['username'] = $username;
$_SESSION['firstname'] = $details[0];
$_SESSION['surname'] = $details[1];
//header("Location: ../Bloggie_Profile.php");
}
我似乎无法理解为什么当我打印用户名,密码,名字和姓氏时,所有数据都是正确的,除了密码。
创建users表: function create_Users(){
#create the PDO object
/**
* Used to instanciate the host of the server
* @var string
*/
$hostname = 'localhost';
/**
* Used to instanciate the username to connect to the server
* @var string
*/
$username = 'ODBC';
/**
* Used to instanciate the password to connect to the server
* @var string
*/
$password = "";
/**
* Used to instanciate the database name
* @var string
*/
$db_name = 'bloggie_db';
try{
$dbh = new PDO("mysql:host=$hostname;dbname=$db_name" , $username, $password);
echo "<br/>Database connected <br/>";
#set PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
#create users table
$sqlU = 'CREATE TABLE users('.
'user_id INT NOT NULL AUTO_INCREMENT,'.
'firstname VARCHAR(50),'.
'surname VARCHAR(50),'.
'username VARCHAR(100),'.
'password VARCHAR(255),'.
'contact_num VARCHAR(10),'.
'email VARCHAR(100),'.
'gender VARCHAR(50),'.
'DOB DATE,'.
'profile_path VARCHAR(200),'.
'bio VARCHAR(255),'.
'PRIMARY KEY(user_id))';
$dbh->exec($sqlU);
echo "<br/> Users table dropped.";
$dbh = null;
}catch(PDOException $e){
echo "<br/>" . $e->getMessage() . "<br/>";
die(print_r($e->getTrace()));
}
}
请帮助我:(。
答案 0 :(得分:1)
我认为你正在做最常见的编程错误,只是错误的操作符:
if($check_password=$password & $check_username=$user_name){
这就是为什么您首先将$chack_password
分配给$password
并在其上执行二元和(&
)运算符(而不是&&
(AND)){{1} }。 $user_name
现在返回不同的值。
只要修复它,它应该没问题。