PHP PDO登录脚本不起作用 [英] PHP PDO Login script not working

问题描述

另一个新手在这里. 我正在尝试修复以下代码，以防止sql注入，并学习编写php和sql的新方法.

Another newbie here.. I'm trying to fix below code to prevent sql injection and learn the new way of writing php and sql.

非常感谢您的建议.

我修改了

<?php

class DB_Functions {

    private $db;

    function __construct() {

        require_once 'db_connect.php';

        $this->db = new DB_Connect();
        $this->db->connect();
    }

    public function getUser($uid, $password) {
        $result = mysql_query("SELECT * FROM users WHERE id = '$uid' AND pswd = '$password'") or die(mysql_error());

        $no_of_rows = mysql_num_rows($result);

        if ($no_of_rows > 0) {

            $result = mysql_fetch_array($result);
            return $result;    

        } else {

            return false;
        }
    }
}

?>

对此，我没有得到相同的结果.

to this and i don't get the same result..

<?php

class DB_Functions {

    private $db;

    function __construct() {

        require_once 'db_connect.php';

        $this->db = new DB_Connect();
        $this->db->connect();
    }

    public function getUser($uid, $password) {
        $sql = $db->prepare("SELECT * FROM users WHERE id=:id AND pswd=:password");
        $result = $db->query($sql);
        $no_of_rows = mysql_num_rows($result);

        if ($no_of_rows > 0) {

            $result = mysql_fetch_array($result);
            return $result;    

        } else {

            return false;
        }
    }
}
?>

推荐答案

您不能将mysql与mysqli或PDO混合使用.您需要查看错误日志，因为这不可能发生-您应该看到大量致命错误.

You can't mix mysql with mysqli or PDO. You need to look at your error logs because this should not be possible - you should be seeing tons of fatal errors.

public function getUser($uid, $password) {
    $stmt = $db->prepare("SELECT * FROM users WHERE id=? AND pswd=?");
    $stmt->execute(array($uid, $password));
    return $stmt->fetch();
}

这篇关于PHP PDO登录脚本不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！