0

我有一个简单的登录系统,但在尝试获取行数时却一无所获,以前一直使用的方法相同,我不知道今天发生了什么。

代码:

<?php
class LoginClass {
    public $User;
    public $Pass;
    public $Query;
    function Init() {
        $User = $this->User;
        $Pass = $this->Pass;
        if($User != '')
        {
            if($Pass != '')
            {
                $this->HashPass();
            }
            else
            {
                echo 'Please Enter A Password.';
            }
        }
        else
        {
            echo 'Please Enter A Username or E-Mail.';
        }
    }

    function HashPass() {
        $Pass = $this->Pass;
        $this->Pass = hash('sha256', $Pass);
        $this->CheckUser();
    }

    function CheckUser() {
        $User = $this->User;
        if(!filter_var($User, FILTER_VALIDATE_EMAIL))
        {
            $this->Query = 'SELECT * FROM Users WHERE User = "'.$User.'" AND Pass = "'.$this->Pass.'"';
        }
        else
        {
            $this->Query = 'SELECT * FROM Users WHERE EMail = "'.$User.'" AND Pass = "'.$this->Pass.'"';
        }
        $this->CheckDB();
    }

    function CheckDB() {
        $Query = $this->Query;
        $Connect = new mysqli("127.0.0.1", "root", "", "Data");
        $Stmt = $Connect->prepare($Query)
        $Stmt->execute();
        $Stmt->store_result();
        echo $Stmt->num_rows;
        $Stmt->close();
        $Connect->close();
    }

    function SetupSession() {
        echo 'Test';
    }
}

Check DB 是这里的问题,我能够在该函数中回显查询变量一切都很好,这正是我得到的

SELECT * FROM Users WHERE User = "Test" AND Pass = "532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25"

我还检查了我的数据库,我所有的表都设置正确并且没有密码。

4

1 回答 1

0

好的,需要比评论区更多的空间,问题显然在这个块中:

function CheckDB() {
    $Query = $this->Query;
    $Connect = new mysqli("127.0.0.1", "root", "", "Data");
    $Stmt = $Connect->prepare($Query)
    $Stmt->execute();
    $Stmt->store_result();
    echo $Stmt->num_rows;
    $Stmt->close();
    $Connect->close();
}

我认为这是因为您没有将参数绑定到准备好的语句,您已经将它们内联包含在之前的语句中。因此,您可能想要:

切换到非准备好的语句

这里最简单的选择是切换到未准备好的语句。将您的块替换为:

function CheckDB() {
    $Query = $this->Query;
    $Connect = new mysqli("127.0.0.1", "root", "", "Data");
    $Stmt = $Connect->query($Query)
    echo $Stmt->num_rows;
    $Stmt->close();
    $Connect->close();
}

使用这种方法要注意一点:您需要在定义的块中清理您的用户输入$User,否则您会让自己对 mysql 注入开放。在该块中,更改此行:

$User = $this->User;

到以下:

$User = mysql_real_escape_string($this->User);
于 2013-04-21T16:35:05.237 回答