当$id为 abc@a.b 时,它返回 true 。这符合预期!
但是,当
$id为 1234567 时,它将返回 false 。这是不是 符合预期!
+----+---------+---------+-----------+
| Id | Email | Mobile | Password |
+----+---------+---------+-----------+
| 15 | abc@a.b | 1234567 |$2y$10$ix..|
+----+---------+---------+-----------+
public function customer_login($id,$password)
{
try
{
$stmt = $this->conn->prepare("SELECT * FROM customer WHERE Email=:_email");
$stmt->execute(array(":_email"=>$id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
$id = $userRow['Id'];
$stmtM = $this->conn->prepare("SELECT * FROM customer WHERE Mobile=:_mobile");
$stmtM->execute(array(":_mobile"=>$id));
$userRowM=$stmtM->fetch(PDO::FETCH_ASSOC);
$id = $userRowM['Id'];
if (password_verify($password, $userRow['Password']) || password_verify($password, $userRowM['Password']))
{
$_SESSION['customer'] = $id;
return true;
}
else
{
return false;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
当$id为 abc@a.b 时,它返回 true 。这符合预期!
但是,当
$id为 1234567 时,它将返回 false 。这是不是 符合预期!
答案 0 :(得分:0)
在下面的行中,您正在更改$ id的值。 $ id变量获取表的“ Id”字段的值,该值被馈送到基于移动号码的第二个查询中。这就是原因,您基于手机号码的查询不返回任何结果,并返回false。
$id = $userRow['Id'];
将以上内容分配给其他变量,并保持$ id为初始值。
答案 1 :(得分:0)
// Change this:
$stmt = $this->conn->prepare("SELECT * FROM customer WHERE Email=:_email");
$stmt->execute(array(":_email"=>$id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
$id = $userRow['Id'];
$stmtM = $this->conn->prepare("SELECT * FROM customer WHERE
Mobile=:_mobile");
$stmtM->execute(array(":_mobile"=>$id));
$userRowM=$stmtM->fetch(PDO::FETCH_ASSOC);
$id = $userRowM['Id'];
//to this :
$stmt = $this->conn->prepare("SELECT * FROM customer WHERE Email=:_email or
Mobile=:_mobile limit 0,1 ");
$stmt->execute(array(":_email"=>$id , ":_mobile"=>$id ));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
$id = $userRow['Id'];