<?php
// Attempt 1: named placeholders wrapped in single quotes.
// Inside the quotes, ':login' and ':password' are plain SQL string literals, not
// placeholders, so the query compares `user` with the literal text ':login'.
// NOTE(review): PASSWORD() looks like MySQL's built-in function, which MySQL documents as
// not intended for application use and which was removed in MySQL 8.0. Application
// passwords are normally hashed in PHP with password_hash()/password_verify() - confirm
// against the schema.
$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')");
$abc->bindParam(':login', $_POST['name']);
$abc->bindParam(':password', $_POST['pw']);
$abc->execute();
// NOTE(review): the PHP manual does not guarantee rowCount() for SELECT on every driver;
// fetching a row is the more portable existence check.
echo $abc->rowCount();
// Reported result: this attempt does not work, rowCount is always 0.

// Attempt 2: positional placeholders, again wrapped in quotes.
// '?' is the one-character string literal "?", so no value is bound into the comparison.
$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')");
$abc->execute([$_POST['name'], $_POST['pw']]);
echo $abc->rowCount();
// Reported result: rowCount is always 0 here as well.

// Attempt 3: the $_POST values are concatenated directly into the SQL text.
// It returns rows only because the values really are part of the query, but it also lets
// request data change the structure of the statement (SQL injection). This is not a fix;
// the prepared forms work once the quotes around the placeholders are removed.
$abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')");
echo $abc->rowCount();
// Reported result: this variant works.
?>
我代码中的预处理语句(prepared statement)似乎不起作用。奇怪的是,当我不做预处理、直接用 query() 并把值拼接进字符串时,它却能正常工作。
请注意,我总是使用现有用户/密码尝试此代码。
答案 0 :(得分:1)
占位符两边不需要加引号;加了引号,查询只会把它们当作普通字符串,而不是占位符。
// Named placeholders left unquoted, so PDO treats them as placeholders and binds the values as data.
$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)");
位置占位符(问号)也是同样的道理:
// Positional placeholders, likewise unquoted; the values are passed in order through execute([...]).
$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");