0

我正在尝试准备、执行、获取我的成员表。但是每次我尝试获取 SQL 语句时都会出错。

这是我的代码

<?php
include('../database.php');
$errmsg_arr = array();
$errflag = false;
$login = $_POST['login'];
$password = $_POST['password'];
if($login == '') {
  $errmsg_arr[] = "Username's missing";
  $errflag = true;
}
if($password == '') {
  $errmsg_arr[] = "Password's missing";
  $errflag = true;
}
if($errflag==true) {
  $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  //header("Location: ../index.php");
}
$sql = 'SELECT * FROM members WHERE login=:login && passwd=:passwd';
$login = $pdo->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$pass = hash('sha1',$password,TRUE);
$arr = array(':login' => $login, ':passwd' => $pass);
$login->execute($arr);
$member = $login->fetchAll();
if (!empty($member) ){
foreach($member as $row){echo $row['login'];$_SESSION['SESS_MEMBER_ID'] = $row['member_id'];$_SESSION['username'] = $row['login'];$_SESSION['password'] = $row['passwd'];}
} else {
echo "Error.";
}
//header("Location: ../index.php");
?>

完整错误:

Catchable fatal error: Object of class PDOStatement could not be converted to string in /var/www/html/login/login-exec.php on line 22 Call Stack: 0.0002 341584 1. {main}() /var/www/html/login/login-exec.php:0 0.0007 344512 2. PDOStatement->execute() /var/www/html/login/login-exec.php:22

第 22 行:

$member = $login->fetchAll();

编辑这是尝试以下所有内容后的新代码

$sql = 'SELECT * FROM members WHERE login=:login AND passwd=:passwd';
$login = $pdo->prepare($sql);
$pass = hash('sha1',$password,TRUE);
$arr = array(':login' => $_POST['login'], ':passwd' => $pass);
$login->execute($arr);
var_dump($login);
$member = $login->fetchAll();
print_r($member);

新错误:

object(PDOStatement)#3 (1) { ["queryString"]=> string(59) "SELECT * FROM members WHERE login=:login AND passwd=:passwd" }
4

1 回答 1

0

看看你在做什么。

$login = $pdo->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$pass = hash('sha1',$password,TRUE);
$arr = array(':login' => $login, ':passwd' => $pass);

$login是您刚刚准备的 PDOStatement。你为什么将它传递给语句的参数?将您的数组分配更改为

$arr = array(':login' => $_POST['login'], ':passwd' => $pass);

编辑:您的查询似乎也有一个小错误。更改&&AND

于 2013-05-25T16:45:05.223 回答