PDO prepare()错误Php / Mysql

时间:2011-08-03 22:46:43

标签: php mysql pdo

PHP     

session_start(); 
$username = $_POST['regduser']; 
$userpass = md5($_POST['regdpass']); 
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
$sql->bindParam(':username', $username);
$sql->bindParam(':userpass', $userpass);
$stmnt->execute();
$result = mysql_query($sql); 
if (mysql_num_rows($result)!= 1) { 
 $error = "Login failed"; 
 #include "loginform.php"; 
} else { 
    echo "<h1>exists</h1>";
 #$_SESSION['regduser'] = "$username"; 
 #$_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; 
 // any other data needed to navigate the site or 
 // to authenticate the user can be added here 
 #include "membersection.php"; 
}

?>

HTML: 

<form action="inc/check_regUsr.php" method="post" id="userLogon">
    <div class="field required">
        Username: <input type="text" name="regduser" tabindex="1" /><br />
        </div>
        <div class="field required">
        Password: <input type="password" name="regdpass" tabindex="2" /><br />
        </div>
        <input type="submit" name="submitUser" />
</form>

致命错误:在第9行的非对象上调用成员函数prepare() 那条线是:

$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");

我在这里做错了什么?!

2 个答案:

答案 0 :(得分:5)

哦,从哪里开始...

  1. 数据库连接$sql在哪里?
  2. 在准备好的陈述中使用:placeholdername,而不是$placeholdername
  3. 您正在覆盖$sql,如果您有数据库连接,则会销毁它。
  4. $stmnt不存在
  5. mysql_query做什么?您有3个选项:mysqlmysqliPDO。坚持一个,不要混合和匹配。

答案 1 :(得分:2)

$sql根本不是对象。它必须是一个对象,例如来自PDO的对象,例如$sql = new PDO(…)

此外,您应使用MD5哈希密码,请参阅Secure hash and salt for PHP passwords

相关问题
最新问题