1. 首頁
  2. 問答
  3. 請幫我將PDO從舊的mysql轉換爲此代碼

請幫我將PDO從舊的mysql轉換爲此代碼

2013-04-30 68 views
-2

我是MySQL和PHP的新手。我一直在做一個像某種博客一樣的項目。但我聽說老的MySQL很脆弱或容易被破解。所以我被建議使用PDO。但我很困惑如何將此代碼轉換爲PDO。請幫幫我。請幫我將PDO從舊的mysql轉換爲此代碼

<?php 

//Start session 
session_start(); 

//Include database connection details 
require_once('scripts/dblog.php'); 

//Array to store validation errors 
$errmsg_arr = array(); 

//Validation error flag 
$errflag = false; 

//Function to sanitize values received from the form. Prevents SQL injection 
function clean($str) { 
    $str = @trim($str); 
    if(get_magic_quotes_gpc()) { 
     $str = stripslashes($str); 
    } 
    return mysql_real_escape_string($str); 
} 

//Sanitize the POST values 
$username = clean($_POST['username']); 
$password = clean($_POST['password']); 

//Input Validations 
if($username == '') { 
    $errmsg_arr[] = 'Username missing'; 
    $errflag = true; 
} 

if($password == '') { 
    $errmsg_arr[] = 'Password missing'; 
    $errflag = true; 
} 

//If there are input validations, redirect back to the login form 
if($errflag) { 
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
    session_write_close(); 
    header("location: login.php"); 
    exit(); 
} 

//Create query 
$qry="SELECT * FROM member WHERE BINARY username='$username' AND BINARY password='$password'"; 
$result=mysql_query($qry); 

//Check whether the query was successful or not 
if($result) { 
    if(mysql_num_rows($result) > 0) { 
     //Login Successful 
     session_regenerate_id(); 
     $member = mysql_fetch_assoc($result); 
     $_SESSION['SESS_MEMBER_ID'] = $member['mem_id']; 
     $_SESSION['SESS_FIRST_NAME'] = $member['username']; 
     $_SESSION['SESS_LAST_NAME'] = $member['password']; 

     session_write_close(); 
     header("location: post.php"); 
     exit(); 
    } else { 
     //Login failed 
     $errmsg_arr[] = '<div class="alert alert-error">user name and password not found</div>'; 
     $errflag = true; 
     if($errflag) { 
     $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
     session_write_close(); 
     header("location: login.php"); 
     exit(); 
     } 
    } 
} else { 
    die("Query failed"); 
} 
?>

來源

2013-04-30 Fahad Ahammed

+2

什麼幫助你實際上是要求?爲你重寫這段代碼? – 2013-04-30 14:08:24

+0

如果有可能...如果不是,那麼至少告訴我使用該代碼是否過時並容易破解? – 2013-04-30 14:15:22

回答

0

您需要創建一個包含數據源名稱的PDO對象,它是一個像這樣的字符串:

$dsn = "mysql:dbname=DATABASENAME;host=localhost;";

您創建PDO對象這樣的,這是基本的mysql_connect的equivilent ():

$database = new PDO($dsn, "Username", "Password");

要執行你使用的查詢:(的mysql_query的equivilent())

$query = $database->query("SELECT * FROM table where name = ?", ['Test']);

獲取結果的使用(mysql_fetch_array的eqivilent())$query->fetchAll(PDO::FETCH_OBJ);

來源

2013-04-30 14:14:13 Liam

+0

非常感謝。 :-)對PDO有更清晰的認識。 – 2013-04-30 14:31:30

0

希望這將幫助你

<?php 
try { 
    $dbh=new PDO('mysql:host=localhost;dbname=mysql','user','pass'); 

    $qry="SELECT * FROM member WHERE BINARY username='$username' AND BINARY password='$password'"; 
    //$result=mysql_query($qry); 
    $result=$dbh->query($qry); 
}catch (PDOException $e){ 
    print "PDO ERROR :".$e->getMessage()."<br/>"; 
    die(); 
} 






//Check whether the query was successful or not 
if($result) { 
    if($result->rowCount() > 0) { 
     //Login Successful 
     session_regenerate_id(); 
     $member = $result->fetchAll(PDO::FETCH_ASSOC); 
     $_SESSION['SESS_MEMBER_ID'] = $member['mem_id']; 
     $_SESSION['SESS_FIRST_NAME'] = $member['username']; 
     $_SESSION['SESS_LAST_NAME'] = $member['password']; 
     session_write_close(); 
     header("location: post.php"); 
     exit(); 
    }else { 
     //Login failed 
     $errmsg_arr[] = '<div class="alert alert-error">user name and password not found</div>'; 
     $errflag = true; 
     if($errflag) { 
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
      session_write_close(); 
      header("location: login.php"); 
      exit(); 
     } 
    } 
}else { 
    die("Query failed"); 
} 
$dbh=null; //close pdo 
?>

來源

2013-04-30 14:19:30 user2336173

1

儘管這個問題太過本地化,has been asked MANY times already - 只是爲了向你展示更好的實踐tice

  • 你需要綁定你的參數。
  • 最好少寫一些代碼。這將節省您的時間上打字
  • tag wiki

描述,以便連接,在這裏你去

session_start(); 
require_once('scripts/dblog.php'); 

$sql = "SELECT * FROM member WHERE username=? AND password=?"; 
$stm = $pdo->prepare($sql); 
$stm->execute($_POST); 
$row = $stm->fetch(); 

if($row) { 
    session_regenerate_id(); 
    $_SESSION['user'] = $row; 
    $loc ='post.php'; 
} else { 
    $_SESSION['ERRMSG_ARR'] = 'user name and password not found'; 
    $loc ='login.php'; 
} 
session_write_close(); 
header("location: $loc");

來源

2013-04-30 14:27:05

相關問題

 相關問題