所以我正在创建一个登录页面。我输入正确的用户详细信息时得到的输出 - 用户名和密码是'登录失败'。我不确定它在哪里绊倒有人能帮助我吗?
代码:
require_once __DIR__.'/config.php';
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
$sql = "SELECT * FROM users WHERE username = :u AND password = :p";
$query = $dbh->prepare($sql);
$results = $query->fetchAll();
$params = array(":u" => $_POST['username'], ":p" =>($_POST['password']));
$query->execute($params);
if (count($results) > 0 ){
$firstrow = $results[0];
$_SESSION['username'] = $firstrow['username'];
header ("location:index.php");
}
else{
echo "Login Has Failed";
return;
}
答案 0 :(得分:2)
获取之前执行:
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
$sql = "SELECT * FROM users WHERE username = :u AND password = :p";
$query = $dbh->prepare($sql);
$results = $query->fetchAll(); // this line is ahead of execution
$params = array(":u" => $_POST['username'], ":p" =>($_POST['password']));
$query->execute($params);
应该是:
$sql = "SELECT * FROM users WHERE username = :u AND password = :p";
$query = $dbh->prepare($sql); // prepare
$params = array(":u" => $_POST['username'], ":p" => $_POST['password']);
$query->execute($params); // execute
$results = $query->fetchAll(); // then fetch
旁注:如果您的行值确实在表格中进行了散列,则可能需要在绑定密码之前先对密码进行哈希处理。
无论出于何种原因,您仍未对密码进行任何哈希处理,我建议(如果可用,PHP 5.5或更高版本)使用password_hash
和password_verify
。如果不可用(PHP 5.4或更低版本),还会向后兼容library。