代码如下:
<?php
class User {
protected $pdo;enter code here
function __construct($pdo){
$this->pdo = $pdo;
}
public function checkInput($var){
$var = htmlspecialchars($var);
$var = trim($var);
$var = stripcslashes($var);
return $var;
}
public function login($email,$password){
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
$stmt->bindParam(":password", $password, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_OBJ);
$count = $stmt->rowCount();
if($count > 0){
$_SESSION['user_id'] = $user->user_id;
header('Location: home.php');
}else{
return false;
}
}
}
?>
答案 0 :(得分:0)
您的查询中有synatax错误而您正在尝试传递错误的参数。您的$user_id位于$email,因此您应该$email,因为您正在接收$password和{{1} }
更改
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
使用
$stmt->bindParam(":email", $email, PDO::PARAM_STR);
并改变
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
使用
$stmt = $this->pdo->prepare("SELECT user_id FROM users WHERE email = :email AND password = :password");