我将Mysqli转换为PDO,然后遇到了代码不起作用的问题。它不起作用,因为用户名和密码不匹配。尽管它与Mysqli匹配。
P.S-即使我想呆在Mysqli上,也不是我的mysqli无法安全运行。
PDO 的CODE
<?php
session_start();
$id= $_SESSION['id'];
//check.php
$host = 'localhost';
$user = 'root';
$password = '';
$dbname = 'test';
$dsn = 'mysql:host='.$host.';dbname='.$dbname;
$pdo = new PDO($dsn,$user,$password);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
if(isset($_POST["email"], $_POST["password"]))
{
$email = $_POST["email"];
$password = md5($_POST["password"]);
$sql = 'SELECT * FROM shopusers WHERE email = :email AND password = :password AND id =:id';
$stmt = $pdo->prepare($sql);
$stmt->execute(['email'=>$email,'password'=>$password, 'id'=>$id]);
}
?>
CODE
<?php
//check.php
$connect = mysqli_connect("localhost", "root", "", "test");
if(isset($_POST["email"], $_POST["password"]))
{
$email = mysqli_real_escape_string($connect, $_POST["email"]);
$password = md5(mysqli_real_escape_string($connect, $_POST["password"]));
$query = "SELECT * FROM shopusers WHERE email = '".$email."' AND password = '".$password."' ";
$result = mysqli_query($connect, $query);
echo mysqli_num_rows($result);
}
?>