我对php很新,所以请原谅我使用newb代码,虽然我需要使用php,但是我更多地习惯使用PHP,目前我有php页面连接到数据库,如果成功将值存储到cookie中虽然因错误的字符串
而抛出这些错误消息Warning: Illegal string offset 'Member_Username' in C:\xampp\htdocs\awm\includes\login.php on line 10
Warning: Illegal string offset 'Member_Password' in C:\xampp\htdocs\awm\includes\login.php on line 10
Notice: Trying to get property of non-object in C:\xampp\htdocs\awm\includes\login.php on line 13
这是我的代码:
<?php
try
{
$Username = $_POST['Username'];
$Password = $_POST['Password'];
$con = mysqli_connect('localhost','root','Password','Letting');
$query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] . "' AND Password = '" . $Password['Member_Password']. "'";
$result = $con->query($query);
if($result->num_rows)
{
$row = $result->fetch_assoc();
$_SESSION['MemberId']=$row['Member_Id'];
$_SESSION['Firstname']=$row['Member_Firstname'];
$_SESSION['Surname']=$row['Member_Surname'];
if(isset($_POST['RememberMe']))
{
setcookie('login',$row['Member_Id'],time() +60*60*60*24*7);
}
else
{
$msg = 'Login failed';
}
}
}
catch(Exception $e)
{
echo $e->errorMessage();
}
?>
答案 0 :(得分:5)
假设这些变量是字符串:
$Username = $_POST['Username'];
$Password = $_POST['Password'];
使用索引调用/处理它们作为数组肯定会触发非法字符串偏移错误。这是哪一行:
$query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] . "' AND Password = '" . $Password['Member_Password']. "'";
由于MySQLi已经支持预处理语句,为什么不使用它们,因为截至目前,你很容易受到SQL注入的攻击。我不会添加直接连接$Username
和$Password
的解决方案,但我会在准备好的语句上给出粗略的例子:
$query = 'SELECT Member_Id, Member_Firstname, Member_Surname
FROM Members
WHERE Member_Username = ?
AND Password = ?';
$select = $con->prepare($query);
$select->bind_param('ss', $Username, $Password);
$select->execute();
if($select->num_rows > 0) {
// rest of codes
}
旁注:您似乎正在保存简单的裸密码,如果它可供您使用(PHP 5.5或更高版本),我建议您使用password_hash
+ password_verify
来处理您的登录模块用于散列这些密码。如果您使用的是PHP 5.4或更低版本且无法使用内置版本,那么已经有compatibility pack library。
答案 1 :(得分:0)
试试这个
$query = "SELECT Member_Id, Member_Firstname, Member_Surname
FROM Members WHERE Member_Username = '" . $Username .
"' AND Password = '" . $Password. "'";