1

我是一个相当新的程序员,尤其是在 PHP 方面,因为我来自 VB 环境。

以下是我遇到问题的功能,如您所见,我已经进行了很多尝试(在评论中)。我想我把评论留在那里,以防我与我的其他尝试更接近。

我以前从未使用过 PDO,正如您所见,此功能几乎允许用户登录。

线if($temp == $_POST['password'])就是问题所在。显然 $temp 是未定义的,但我不明白为什么,我什至在函数的顶部声明了它以确保它。有人有想法么?

public function load_user_data() {

        $temp;
        $sql;

        try{

            // $STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
            // $STH->bindValue(':email', $this->email); 
            // $STH->execute();
            // $posts = $STH->fetch(PDO::FETCH_ASSOC); //If only fetch 1 line use just "fetch" instead of "fetchAll"
            // echo '<pre>';
            // print_r($posts);
            // echo '</pre>';

            //--------

            $STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
            $STH->bindValue(':email', $_POST['usermail']); 
            $STH->setFetchMode(PDO::FETCH_ASSOC);

            while($row = $STH->fetch()) {
                $temp = $row;
            }

            //$temp = $STH->fetch(['password']);

            // while($row = $STH->fetch()) {
            //     $temp = $row['password'];
            // }

            //--------

            // $sql = "SELECT password FROM tblCustomer WHERE email = :email";
            // $stmt = $PDO->query($sql); 
            // $row = $stmt->fetchObject();
            // $temp = $row->password;

            if($temp == $_POST['password']) {

                $STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
                $STH->bindValue(':email', $this->email); 
                $STH->setFetchMode(PDO::FETCH_ASSOC);

                echo("we have reached here");

                while($row = $STH->fetch()) {
                    $firstname = $row['firstName'];
                    $lastname = $row['secondName'];
                    $title = $row['title'];
                    $companyname = $row['companyName'];
                    $email = $row['email'];
                    $phone = $row['phone'];
                    $email = $row['mobile'];
                    $startdate = $row['startDate'];
                    $isauthorised = $row['isAuthorised'];
                    $accstop = $row['accStop'];
                    $stopdate = $row['stopdate'];
                }
            }
        }
        catch (PDOException $e) {
            print $e->getMessage();
        }
    }
4

1 回答 1

3

问题在这里:

        $STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
        $STH->bindValue(':email', $_POST['usermail']); 
        $STH->setFetchMode(PDO::FETCH_ASSOC);

        while($row = $STH->fetch()) {
            $temp = $row;
        }

首先,您需要执行以下操作:

        $STH->execute();

在您尝试获取行之前。

其次,如果查询不匹配任何行,您的while循环将永远不会进入正文,因此$temp不会被设置。由于您显然只希望从查询中获得一行,因此您不需要使用while. 相反,请执行以下操作:

if ($temp = $STH->execute()) {
    // all the code that depends on finding a row goes here
    ...
}

在该块内,您需要执行以下操作:

if ($temp['password'] == $_POST['password'])
于 2013-10-05T13:25:57.443 回答