{"error":{"text":SQLSTATE[HY093]:参数号无效:绑定变量数与令牌数不匹配}}

时间:2016-12-12 11:28:24

标签: php mysql pdo login registration

我正在尝试使用 PDO 和 MySQL 创建一个登录和注册系统,但这个错误不断出现。我读过了针对这类错误的所有回答,但似乎还是无法修正我的代码……代码如下:

<?php

/**
 * Account helper used by the login/registration page: checks credentials,
 * creates users and reads basic user details through a PDO handle.
 *
 * getDB() is not defined in this file; presumably it returns a PDO
 * connection (config.php is included by the page) - confirm.
 */
class userClass
{
	 
     /**
      * User Login.
      *
      * Hashes the submitted password with SHA-256, looks for a users row whose
      * email and password columns both match, and on success stores the row's
      * uid in $_SESSION['uid'].
      *
      * @param string $email    e-mail address typed into the login form
      * @param string $password plain-text password typed into the login form
      * @return bool true when a matching row was found, false otherwise
      */
     public function userLogin($email,$password)
     {

          $db = getDB();
          // NOTE(review): a single unsalted SHA-256 round is a fast hash; if the users
          // table leaks, the stored values can be guessed offline at high speed.
          // password_hash()/password_verify() is the usual replacement.
          $hash_password= hash('sha256', $password);
          $stmt = $db->prepare("SELECT uid FROM users WHERE email=:email AND password=:hash_password");  
          $stmt->bindParam("email", $email,PDO::PARAM_STR) ;
          $stmt->bindParam("hash_password", $hash_password,PDO::PARAM_STR) ;
          $stmt->execute();
          // NOTE(review): PDO does not guarantee rowCount() for SELECT on every driver;
          // testing the result of fetch() is the portable check.
          $count=$stmt->rowCount();
          $data=$stmt->fetch(PDO::FETCH_OBJ);
          $db = null;
          if($count)
          {
                // NOTE(review): the session id is not regenerated before the uid is stored;
                // assumes the session was started elsewhere - confirm.
                $_SESSION['uid']=$data->uid;
                return true;
          }
          else
          {
               return false;
          }    
     }

     /**
      * User Registration.
      *
      * Intended flow: look the e-mail up, insert a new users row when it is not
      * taken, and store the new uid in $_SESSION['uid'].
      *
      * As written, both SQL strings disagree with the values bound to them (see
      * the notes on each statement), which is what produces the
      * "number of bound variables does not match number of tokens" error.
      *
      * @return bool|null true after an insert, false when the lookup found a row,
      *                   null (no return statement) when a PDOException was caught
      */
     public function userRegistration($email,$password,$fname,$lname,$dob,$sex,$country,$state_resd,$phone_no,$profile_pic)
     {
          try{
          $db = getDB();
          // NOTE(review): this lookup names ten placeholders (:email ... :profile_pic),
          // separated by commas, but only :email is bound below. The duplicate check
          // needs nothing more than "WHERE email=:email".
          $st = $db->prepare("SELECT uid FROM users WHERE email=:email, password=:hash_password, fname=:fname, lname=:lname, dob=:dob, sex=:sex, country=:country, state_resd=:state_resd, phone_no=:phone_no, profile_pic=:profile_pic");  
          /**$st->bindParam("username", $username,PDO::PARAM_STR);**/
          $st->bindParam("email", $email,PDO::PARAM_STR);
          $st->execute();
          $count=$st->rowCount();
          if($count<1)
          {
          // NOTE(review): ten columns are listed, but the VALUES list has no comma between
          // :hash_password and :fname and no :profile_pic placeholder, while ten values
          // (including profile_pic) are bound below.
          $stmt = $db->prepare("INSERT INTO users(email,password,fname,lname,dob,sex,country,state_resd,phone_no,profile_pic) VALUES (:email,:hash_password:fname,:lname,:dob,:sex,:country,:state_resd,:phone_no)");  
          /**$stmt->bindParam("username", $username,PDO::PARAM_STR) ;**/
          
          $stmt->bindParam("email", $email,PDO::PARAM_STR) ;
	  // NOTE(review): same unsalted SHA-256 storage as in userLogin().
	  $hash_password= hash('sha256', $password);
          $stmt->bindParam("hash_password", $hash_password,PDO::PARAM_STR) ;
          $stmt->bindParam("fname", $fname,PDO::PARAM_STR) ;
	  $stmt->bindParam("lname", $lname,PDO::PARAM_STR) ;
	  $stmt->bindParam("dob", $dob,PDO::PARAM_STR) ;
	  $stmt->bindParam("sex", $sex,PDO::PARAM_STR) ;
	  $stmt->bindParam("country", $country,PDO::PARAM_STR) ;
	  $stmt->bindParam("state_resd", $state_resd,PDO::PARAM_STR) ;
	  $stmt->bindParam("phone_no", $phone_no,PDO::PARAM_STR) ;
	  $stmt->bindParam("profile_pic", $profile_pic,PDO::PARAM_STR) ;
	  
          $stmt->execute();
          $uid=$db->lastInsertId();
          $db = null;
          $_SESSION['uid']=$uid;
          return true;

          }
          else
          {
          $db = null;
          return false;
          }
          
         
          } 
          catch(PDOException $e) {
          // NOTE(review): the driver message is echoed to the client unquoted, so the
          // output is not valid JSON and it exposes database details. Nothing is
          // returned here, so the caller receives null.
          echo '{"error":{"text":'. $e->getMessage() .'}}'; 
          }
     }
     
     /**
      * User Details.
      *
      * Reads the email column of the users row with the given uid.
      *
      * @param int $uid primary key of the user (bound as PDO::PARAM_INT)
      * @return object|false|null object with an email property, false when no row
      *                           matches, null when a PDOException was caught
      */
     public function userDetails($uid)
     {
        try{
          $db = getDB();
          $stmt = $db->prepare("SELECT email FROM users WHERE uid=:uid");  
          $stmt->bindParam("uid", $uid,PDO::PARAM_INT);
          $stmt->execute();
          $data = $stmt->fetch(PDO::FETCH_OBJ);
          return $data;
         }
         catch(PDOException $e) {
          // NOTE(review): same raw, unquoted error echo as in userRegistration().
          echo '{"error":{"text":'. $e->getMessage() .'}}'; 
          }

     }


}
?>

和注册页面

<?php 
include("config.php");
include('class/userClass.php');
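// Page controller for the login and sign-up forms.
// userClass stores the uid in $_SESSION, so this assumes config.php has
// already called session_start() - confirm.
$userClass = new userClass();

$errorMsgReg='';
$errorMsgLogin='';

// Reads one POST field as a string. A missing field or an array-valued field
// becomes '' so the length and regex checks below reject it instead of
// raising notices or type errors.
$postField = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

/* Login form */
if (!empty($_POST['loginSubmit']))
{
    $email = $postField('email');
    $password = $postField('password');

    if (strlen(trim($email)) > 1 && strlen(trim($password)) > 1)
    {
        $uid = $userClass->userLogin($email, $password);
        if ($uid)
        {
            $url = BASE_URL.'home.php';
            header("Location: $url");
            // Stop here: without exit the rest of the page is still rendered
            // and sent along with the redirect.
            exit;
        }
        else
        {
            $errorMsgLogin="Please check login details.";
        }
    }
}

/* Sign-up form */
if (!empty($_POST['signupSubmit']))
{
    /**$username=$_POST['usernameReg'];**/

    $email = $postField('emailReg');
    $password = $postField('passwordReg');
    $fname = $postField('fnameReg');
    $lname = $postField('lnameReg');
    $dob = $postField('dobReg');
    $sex = $postField('sexReg');
    $country = $postField('countryReg');
    $state_resd = $postField('state_resdReg');
    $phone_no = $postField('phone_noReg');
    $profile_pic = $postField('profile_picReg');

    /**$username_check = preg_match('~^[A-Za-z0-9_]{3,20}$~i', $username);**/
    $email_check = preg_match('~^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$~i', $email);
    // NOTE(review): this pattern caps passwords at 20 characters from a fixed
    // character set, which rules out long passphrases; consider enforcing only
    // a minimum length.
    $password_check = preg_match('~^[A-Za-z0-9!@#$%^&*()_]{6,20}$~i', $password);

    // Only e-mail, password and first name are validated; the remaining
    // fields are passed to userRegistration() as submitted.
    if ($email_check && $password_check && strlen(trim($fname)) > 0)
    {
        $uid = $userClass->userRegistration($email,$password,$fname,$lname,$dob,$sex,$country,$state_resd,$phone_no,$profile_pic);
        if ($uid)
        {
            $url = BASE_URL.'home.php';
            header("Location: $url");
            exit;
        }
        else
        {
            // userRegistration() is also falsy when it caught a PDOException,
            // so this message can appear for database errors as well.
            $errorMsgReg="Email already exits.";
        }
    }
}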

?>
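<!DOCTYPE html>
<html>
<head>
<?php /* Registration form template. It posts back to this page; the field names match the $_POST keys read by the sign-up handler. */ ?>
<style>
#container{width: 700px}
#login,#signup{width: 300px; border: 1px solid #d6d7da; padding: 0px 15px 15px 15px; border-radius: 5px;font-family: arial; line-height: 16px;color: #333333; font-size: 14px; background: #ffffff;box-shadow: rgba(200,200,200,0.7) 0 4px 10px -1px}
#login{float:left;}
#signup{float:right;}
h3{color:#365D98}
form label{font-weight: bold;}
form label, form input{display: block;margin-bottom: 5px;width: 90%}
form input{padding: 10px;border: solid 1px #BDC7D8; margin-bottom: 20px}
.button {
    background-color: #5fcf80 !important;
    border-color: #3ac162 !important;
    font-weight: bold;
    padding: 12px 15px;
    max-width: 300px;
    color: #ffffff;
}
.errorMsg{color: #cc0000;margin-bottom: 10px}
</style>
</head>
<body>
<div id="container">
<div id="signup">
<h3>Registration</h3>
<?php /* NOTE(review): the form carries no anti-CSRF token, and nothing on this page shows one being checked server-side. */ ?>
<form method="post" action="" name="signup">
<label>Email</label>
<input type="text" name="emailReg" autocomplete="off" />
<label>Password</label>
<input type="password" name="passwordReg" autocomplete="off"/>

<label>First Name</label>
<input type="text" name="fnameReg" autocomplete="off" />
<label>Last Name</label>
<input type="text" name="lnameReg" autocomplete="off" />

<label>Sex</label>
<input type="text" name="sexReg" autocomplete="off" />


<label>Date of Birth</label>
<input type="text" name="dobReg" autocomplete="off" />
<label>Country</label>
<input type="text" name="countryReg" autocomplete="off" />

<label>State of Residence</label>
<input type="text" name="state_resdReg" autocomplete="off" />

<label>Phone Number</label>
<input type="text" name="phone_noReg" autocomplete="off" />
<label>Profile photo</label>
<input type="text" name="profile_picReg" autocomplete="off" />
<!--<label>Username</label>
<input type="text" name="usernameReg" autocomplete="off" />-->


<?php /* Escaped on output so the message stays safe even if it ever includes submitted data. */ ?>
<div class="errorMsg"><?php echo htmlspecialchars($errorMsgReg, ENT_QUOTES, 'UTF-8'); ?></div>
<input type="submit" class="button" name="signupSubmit" value="Create Counter">
<a href="index.php" class="to_register"> Login </a>
</form>
</div>




</div>

</body>
</html>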

请帮我看看我的代码哪里出了问题,我还是个新手。

1 个答案:

答案 0 :(得分:0)

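您得到的错误信息本身已经说明了问题:您绑定的参数数量不等于您在查询语句的第一部分中使用的列名(占位符)数量。具体来说,第一条 SELECT 语句写了 10 个占位符,却只绑定了 :email;INSERT 语句的 VALUES 列表中 :hash_password 与 :fname 之间缺少逗号,并且缺少 :profile_pic 占位符。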

您的注册功能应如下所示

/* User Registration */
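     /**
      * Creates a user account unless the e-mail address is already registered.
      *
      * Every statement has exactly as many placeholders as bound values. The
      * password is stored with password_hash(), never as a plain or SHA-256
      * value. On success the new uid is stored in $_SESSION['uid'].
      *
      * getDB() is defined outside this snippet; presumably it returns a PDO
      * handle in exception mode - confirm.
      *
      * @return bool true after the row was inserted; false when the e-mail is
      *              already taken or the database reported an error
      */
     public function userRegistration($email,$password,$fname,$lname,$dob,$sex,$country,$state_resd,$phone_no,$profile_pic)
     {
          try {
               $db = getDB();

               // Only the e-mail decides whether the account exists: one placeholder, one value.
               $st = $db->prepare("SELECT uid FROM users WHERE email=:email LIMIT 1");
               $st->execute(array(':email' => $email));

               // fetch() rather than rowCount(): PDO does not guarantee rowCount() for SELECT on every driver.
               if ($st->fetch(PDO::FETCH_ASSOC) !== false) {
                    $db = null;
                    return false;
               }

               // NOTE(review): two simultaneous sign-ups can both pass the check above; a UNIQUE
               // index on users.email closes that gap (schema not shown here - confirm).
               $hash_password = password_hash($password, PASSWORD_DEFAULT);

               $stmt = $db->prepare("INSERT INTO users(email,password,fname,lname,dob,sex,country,state_resd,phone_no,profile_pic) VALUES (:email,:hash_password,:fname,:lname,:dob,:sex,:country,:state_resd,:phone_no,:profile_pic)");
               // Ten placeholders, ten values; execute() binds each one as a string.
               $stmt->execute(array(
                    ':email'         => $email,
                    ':hash_password' => $hash_password,
                    ':fname'         => $fname,
                    ':lname'         => $lname,
                    ':dob'           => $dob,
                    ':sex'           => $sex,
                    ':country'       => $country,
                    ':state_resd'    => $state_resd,
                    ':phone_no'      => $phone_no,
                    ':profile_pic'   => $profile_pic,
               ));

               $uid = $db->lastInsertId();
               $db = null;

               // Issue a fresh session id before marking the session as authenticated,
               // so an id fixed before sign-up cannot be reused afterwards.
               if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
               }
               $_SESSION['uid'] = $uid;
               return true;
          } catch (PDOException $e) {
               // Keep driver details in the server log; the client gets a generic,
               // well-formed JSON error of the same shape as before.
               error_log('userRegistration failed: ' . $e->getMessage());
               echo json_encode(array('error' => array('text' => 'Registration failed.')));
               return false;
          }
     }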

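注意:我把您原先用来哈希密码的 sha256 换成了 password_hash() 和 password_verify()。未加盐的单次 sha256 计算速度很快,数据库一旦泄露,密码很容易被离线猜解;password_hash() 会自动加盐,并使用专门为密码设计的慢速算法。下面这个问题更详细地说明了原因:Secure hash and salt for PHP passwords。另外,已经用 sha256 存储的旧密码无法通过 password_verify() 的验证,这些账户需要重置密码。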

您可能还想访问 https://phpdelusions.net/pdo ,了解有关正确使用 PDO 的更多信息。

使用 PDO 插入的另一种(通常更简单的)方法:

 // Positional placeholders: each ? takes the value at the same position in the array,
 // so the array order must follow the column list. $hash_password is expected to come
 // from password_hash(), as in the registration method above.
 $insertSql = "INSERT INTO users(email,password,fname,lname,dob,sex,country,state_resd,phone_no,profile_pic) VALUES (?,?,?,?,?,?,?,?,?,?)";
 $insertValues = array(
      $email,
      $hash_password,
      $fname,
      $lname,
      $dob,
      $sex,
      $country,
      $state_resd,
      $phone_no,
      $profile_pic,
 );
 $stmt = $db->prepare($insertSql);
 $stmt->execute($insertValues);

使用 password_verify() 的登录函数应该是这样的:

/* User Login */
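     /**
      * Checks an e-mail/password pair and, on success, marks the session as logged in.
      *
      * The row is looked up by e-mail only; the stored hash is then checked with
      * password_verify(), which reads the salt and algorithm from the hash itself.
      * Rows whose password column still holds a SHA-256 value from the earlier
      * code will not verify and need a password reset.
      *
      * getDB() is defined outside this snippet; presumably it returns a PDO
      * handle - confirm.
      *
      * @param string $email    e-mail address from the login form
      * @param string $password plain-text password from the login form
      * @return bool true when the credentials match, false otherwise
      */
     public function userLogin($email,$password)
     {
          $db = getDB();
          $stmt = $db->prepare("SELECT uid,password FROM users WHERE email=:email LIMIT 1");
          $stmt->bindParam(":email", $email, PDO::PARAM_STR);
          $stmt->execute();

          // fetch() returns false when no row matches the e-mail address.
          $row = $stmt->fetch(PDO::FETCH_ASSOC);
          $db = null;

          // Unknown e-mail and wrong password give the same answer to the caller.
          if ($row === false || !password_verify($password, $row['password'])) {
               return false;
          }

          // Issue a fresh session id before storing the uid, so an id fixed before
          // login cannot be reused afterwards.
          if (session_status() === PHP_SESSION_ACTIVE) {
               session_regenerate_id(true);
          }

          // The uid comes from the fetched row; no $data variable exists in this method.
          $_SESSION['uid'] = $row['uid'];
          return true;
     }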

希望我没有错过任何大括号:)