我一直在試圖弄清楚這一點。這很容易,但我不能找到這個錯誤。這看起來像是錯誤的,因爲以上所有的東西都有效。當我填充輸入並單擊登錄按鈕時,該腳本將無法工作。登錄無效
if (isset($_POST['submit']) AND (!empty($_POST['username']) AND (!empty($_POST['password'])))) {
$username = $_POST['username'];
$password = $_POST['password'];
$pass = hash('sha256',$password);
$select = $db->prepare("SELECT * FROM users WHERE username= :username AND password= :password");
$select->bindParam(':username', $username);
$select->bindParam(':password', $pass);
$select->execute();
foreach ($select as $data) {
if ($data['username'] == $username AND $data['password'] == $pass) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $data['id'];
?>
<div class="echos">
<?php
echo "Login completed" . "<br>";
echo "<a href='http://jezecek.nostools.cz/'>Homepage</a>";
}
else {
echo "Wrong username or password!" . "<br>";
echo "<a href='http://jezecek.nostools.cz/include/registration.php'>Try again</a>";
}
}
}
else {
echo "Fill all fields!" . "<br>";
echo "<a href='http://jezecek.nostools.cz/include/login.php'>Try again</a>";
}
?>
</div>
即使我用使用fetchall()就是這樣,它仍然不起作用
$select = $db->prepare("SELECT * FROM users WHERE username= :username AND password= :password");
$select->bindParam(':username', $username);
$select->bindParam(':password', $pass);
$select->execute();
$result = $select->fetchAll();
foreach ($result as $data) {
if ($data['username'] == $username AND $data['password'] == $pass) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $data['id'];
?>
<div class="echos">
<?php
echo "Login completed" . "<br>";
echo "<a href='http://jezecek.nostools.cz/'>Homepage</a>";
}
首先:用'pa ssword_hash()'*安全地*散列你的密碼。只是調用sha256一次**不安全。 –
忘記在execute()後獲取數據。閱讀http://php.net/manual/en/pdostatement.fetch.php – Saty
您需要爲數據庫調用添加錯誤處理,例如通過讓PDO拋出異常。注意你的邏輯是錯誤的:當你同時選擇用戶名和密碼時,你會發現唯一的行總是符合這些條件。在這種情況下找不到行時會出現錯誤的用戶名/密碼。 – jeroen