1

继续本主题,我们解释了 PDO 的大多数问题如何使用已弃用的 mysql_* 函数成功重写旧的 mysql-php 代码?现在关于理解准备好的语句...因此,为了删除 mysql_* 字符串,有一些示例,因此我对所有用户和其他用户的问题可能会有所帮助,哪种解决方案是最好的...所以旧的“组成*代码”示例:

in config.php: 
$db = new dbConn('127.0.0.1', 'root', 'pass', 'people', 'login');
in login.php
$db->selectDb("login");
$query = mysql_query("SELECT * FROM account WHERE id='".$_session["id"]."' LIMIT 1");  
$result = mysql_fetch_array($query);

$_session["id"] 是在实际登录时定义的,所以现在我们有几个选项可以这样做:

In config.php:
$db_people = new PDO('mysql:host=127.0.0.1;dbname=people;charset=UTF-8', 'root', 'pass');
$db_login = new PDO('mysql:host=127.0.0.1;dbname=login;charset=UTF-8', 'root', 'pass');

And in login.php 1):
$stmt = $db_login->prepare("SELECT * FROM account WHERE id=? LIMIT 1");
$stmt->execute(array($_session["id"]));
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);

或者排除查询时这个更好?还是上一个更好?

And in login.php 2):    
$query = "SELECT * FROM account WHERE id=? LIMIT 1";
$parameters = array($_session["id"]);
$statement = $db_login->prepare($query);
$statement->execute($parameters);
$results = $statement->fetch(PDO::FETCH_ASSOC);

这个登录表单:

  public function login($user, $password)
  {
    global $web, $db;    
    if (!empty($user) && !empty($password))
    {    
      $user = $web->esc($user);
      $password = $web->doHash($user, $password);

      $db->selectDb('login');
      $qw = mysql_query("SELECT * FROM account WHERE username='".$user."' AND pass_hash='".$password."'");

      if (mysql_num_rows($qw) > 0)      
      {    
        $result = mysql_fetch_array($qw); 
        $_session['name'] = $result['username'];
        $_session['id'] = $result['id'];  
        return true;          
      }
      else
        return false;        
    }
    else
      return false;
  }

转入此表格:

  public function login($user, $password)
  {
    global $web, $db_login;    
    if (!empty($user) && !empty($password))
    {    
      $user = $web->esc($user);
      $password = $web->doHash($user, $password);

      $stmt = $db_login->prepare("SELECT * FROM account WHERE username=? AND pass_hash=?");
      $stmt->execute(array($user, $password));
      $rows = $stmt->rowCount();

      if ($rows > 0)      
      {    
        $result = $stmt->fetchAll(PDO::FETCH_ASSOC); 
        $_session['name'] = $result['username'];
        $_session['id'] = $result['id'];  
        return true;          
      }
      else
        return false;        
    }
    else
      return false;
  }

可以还是再次进行单独的查询,或者以完全不同的方式进行?谢谢你们。

Also when there is multiple stmt should I use different name for it? For example I use stmt once and make a result1 after I do stmt second with result2 should I choose different name also for stmt variable or only result name is ok to be different?

4

1 回答 1

0

OK so solution login.php 1) seems to be ok simple and no rush. Also the login page seems to be working fine and therefore it should be according to every rules and ok :)

于 2012-06-07T21:15:42.570 回答