檢查用戶名和密碼，PHP

Question

我試圖創建一個PHP的用戶名和密碼檢查，但不能讓它的工作，這裏是代碼：

<?php 
$servername = "iphere"; 
$user = "userhere"; 
$pass = "passwordhere"; 
$dbname = "databasehere"; 

try { 
    $username = $_GET['username']; 
    $password = $_GET['password']; 
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $user, $pass); 
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    $stmt = $conn->prepare("SELECT username FROM users WHERE username = :name AND password = :password"); 
    $stmt->bindParam(':name', $username); 
    $stmt->bindParam(':password', $password); 
    $stmt->execute(); 
    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

    if($username == $result && $password == $result) 
    { 
     echo "OK"; 
    } 
    else 
    { 
     echo "not OK"; 
    } 


} 
catch(PDOException $e) { 
    echo "Error"; 
} 
$conn = null; 
?> 

它不給任何錯誤或任何東西。它只是回聲好，那就是它。順便說一句，我用GET來做我的另一個項目。所以我稍後會改變它。

Answer 1

除非有一個錯誤，這一點：

$result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

永遠是布爾值true。

然後，您可以執行此測試：

if($username == $result && $password == $result) 

非空字符串將總是等於true。

---

計數從數據庫返回的行數。

Answer 2

忽略的事實是：

• 你的密碼是明文你使用bindParam無故

然後，我會使用的代碼會是這樣的（沒有測試，小心）：

$stmt = $pdo->prepare("SELECT COUNT(*) AS user_exists FROM users WHERE username = :username AND password = :password"); 

$stmt->execute([':username' => $username, ':password' => $password]); 

// This will return the value of first column, our query will always produce 1 row with 1 column 
$exists = $stmt->fetchColumn(); 

// If you are using MySQL ND (native driver), then the above result will be 
// accurately represented as an integer so we can use it in an if() statement like this 
if($exists) 
{ 
    echo "OK!"; 
} 
else 
{ 
    echo "Not ok!"; 
}