-1

更新...

我正在编写准备好的语句,并且收到以下错误消息:

注意:未定义索引:第 34 行 C:\Program Files (x86)\EasyPHP-12.1\www\inlogg_och_lagar\core.inc.php 中的用户名

致命错误:未捕获异常 'PDOException' 并带有消息 'SQLSTATE[42000]:语法错误或访问冲突:1064 您的 SQL 语法有错误;检查与您的 MySQL 服务器版本相对应的手册,以在 C:\Program Files (x86)\EasyPHP-12.1\www\inlogg_och_lagar\core.inc.php:34 中的第 1 行的 ''' 附近使用正确的语法跟踪:#0 C:\Program Files (x86)\EasyPHP-12.1\www\inlogg_och_lagar\core.inc.php(34): PDOStatement->execute(Array) #1 C:\Program Files (x86)\EasyPHP- 12.1\www\inlogg_och_lagar\index.php(23): getuserrow('username') #2 {main} 抛出 C:\Program Files (x86)\EasyPHP-12.1\www\inlogg_och_lagar\core.inc.php 上线34

有人可以告诉我我做错了什么吗?这是一个简单的登录脚本。

这是 loginform.inc.php

    <?php 
        if (isset($_POST['username'])&&isset($_POST['password'])) {

        $username = $_POST['username'] ;    
        $password = $_POST['password'] ;

        $password_hash = md5 ($password);   


        if ($username && $password)
        {     
          $query  ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
   ':username' => $_POST['username'],
   ':password' => $password_hash
));

$row = (bool) $stmt->fetch();
            if (!$rows)
            {   
                  echo '<p class="warning">Fel användarnamn/lösenords kombination.</p>';
            } else {    
                $_SESSION['user_id'] = $row;
                header('Location: index.php');
                exit;
            }
        } else {    
              echo '<p class="warning">Du måste fylla i ett användarnamn och lösenord</p>';
            }
    }
    ?>

        <!--- LOGIN FORM --->
        <div id="form-column">
            <p>You need to be loggedin.</p>
            <p>Fill out username and password.</p>
            <form action="<?php echo $current_file; ?>" method="POST"> 
                Användarnamn: <input type="text" name="username"> 
                Lösenord: <input type="password" name="password">
                <input type="submit" value="Log in">
            </form>
        </div>

这是core.inc.php

    <?php 
    ob_start();
    session_start();
    $current_file = $_SERVER['SCRIPT_NAME'];

    if (isset($_SERVER['HTTP_REFERER'])&&!empty($_SERVER['HTTP_REFERER'])) {
        $http_referer = $_SERVER['HTTP_REFERER'];
    }


    function loggedin () {
        if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
            return true;
        }   else {
            return false;
        }
    }

    function getuserrow ($row) {
    $sql  ="SELECT * FROM USERDATA where id = ?".$_SESSION['user_id']."'";
    global $pdo;
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array($_POST['username']));
    $row = $stmt->fetch();
}

    ?>

这是connect.inc.php

<?php

$dsn = "mysql:host=localhost;dbname=users;charset=utf8";
$opt = array(
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','', $opt);

?>
4

3 回答 3

1

$stmt->execute(array($_POST['username'])) 应该缺少第二个参数

$sql  ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username'], md5($_POST['password'])));//<== here
于 2013-10-07T08:19:27.450 回答
1

您的 PDO 对象定义为$pdo,但后来引用为$dbh

  • 来自connect.inc.php

    $pdo = new PDO($dsn,'root','', $opt);

  • 来自loginform.inc.php

    global $dbh;
// ...
$stmt = $dbh->prepare($sql);

此外,loginform.inc.php似乎不包括connect.inc.php.

于 2013-10-07T07:52:55.160 回答
1

换这个,

global $pdo;  // <- You don't need this one
$sql  ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();


$query  ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
   ':username' => $_POST['username'],
   ':password' => $password_hash
));

$row = (bool) $stmt->fetch();

为了避免这种情况,您最好坚持使用命名占位符而不是未命名占位符(如?)。

于 2013-10-07T08:23:22.620 回答