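I am trying to make a PHP login file that queries my SQL database for the correct username and password. When I checklogin.php from dao.php. I have a register.php that works with my dao.php. Below is all of my code. I believe my problem comes from dao.php.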
checklogin.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"])) ? $_POST["password"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// End protection
//echo $username;
//echo $password;
//echo $dao->getUser($username, $password);
if(!$dao->getUser($username, $password)){
    //echo "Wrong username or password";
    header("location: login.html");
}
else{
    //echo "Logic successful";
    header("location: index.php");
}
?>
dao.php:
<?php
class DAO {
    private $host = "localhost";
    private $db = "webdev";
    private $user = "root";
    private $pass = "secret";

    public function getConnection () {
        //echo "hello";
        try {
            $dbh = new PDO("mysql:host={$this->host};dbname={$this->db}", $this->user,$this->pass);
        } catch (PDOException $e) {
            echo 'Connection failed: ' . $e->getMessage();
        }
        //echo "success";
        return $dbh;
    }

    public function registerUser($username, $password, $email, $name) {
        $conn = $this->getConnection();
        $saveQuery = "INSERT INTO users(login, pass, email, fname) VALUES (:username, :password, :email, :name)";
        $q = $conn->prepare($saveQuery);
        $q->bindParam(":username", $username);
        $q->bindParam(":password", $password);
        $q->bindParam(":email", $email);
        $q->bindParam(":name", $name);
        $q->execute();
    }

    public function getUser($username, $password){
        $conn = $this->getConnection();
        $getQuery = "SELECT login FROM users where login=:username and pass=:password";
        $q = $conn->prepare($getQuery);
        $q->bindParam(":username" $username);
        $q->bindParam(":password", $password);
        $q->execute();
        //$conn->query($getQuery);
        $count = $q->fetch(PDO::FETCH_NUM);
        if($count == 1){
            echo "hi";
            session_register(":username");
            return true;
        }
        else{
            echo "hi";
            return false;
        }
    }
} // end Dao
?>
register.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : die('Error: Username / Password field was blank');
$password = (isset($_POST["password"])) ? $_POST["password"] : header("location: index.php");
$email = (isset($_POST["email"])) ? $_POST["email"] : "";
$name = (isset($_POST["name"])) ? $_POST["name"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
$email = stripslashes($email);
$name = stripslashes($name);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);
$name = mysql_real_escape_string($name);
// End protection
$dao->registerUser($username, $password, $email, $name);
header("location: appointment.php");
?>
Edit (solved it): Figured it out. I used bits of Your Common Sense's code to solve it.
getUser function:
public function getUser($username, $password){
    $conn = $this->getConnection();
    $getQuery = "SELECT login FROM users WHERE login=:username AND pass=:password";
    $q = $conn->prepare($getQuery);
    $q->bindParam(":username", $username);
    $q->bindParam(":password", $password);
    $q->execute();
    $rows = $q->fetchAll();
    return empty($rows); // True if account doesn't exist
}
checklogin.php:
<?php
require_once "DAO.php";
$dao = new DAO();
// Get data from form POST
$username = (isset($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"])) ? $_POST["password"] : "";
// MySQL Injection Protection Section (the rhymez)
$username = stripslashes($username);
$password = stripslashes($password);
// End protection
// Failure
if($dao->getUser($username, $password)){
    header("location: login.html");
}
// Successful login
else{
    header("location: index.php");
}
?>
Thank you all for the help.
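
An added example, not part of the original post: the same PDO login check with the password stored as a `password_hash()` hash and verified with `password_verify()`, rather than comparing a plaintext `pass` column inside the SQL. The `UserStore` class, the `checkLogin` name and the in-memory SQLite database are assumptions made so the block runs on its own (PHP 8+ with pdo_sqlite); the bound parameters alone handle SQL injection, so no `stripslashes()` or escaping step is needed.

```php
<?php
// Added example, not the poster's code. Uses an in-memory SQLite database
// (assumption) so it runs without the page's MySQL server.
declare(strict_types=1);

final class UserStore
{
    public function __construct(private PDO $conn)
    {
        // Throw on SQL errors instead of failing silently.
        $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    public function registerUser(string $username, string $password): void
    {
        // Store a salted hash, never the password itself.
        $q = $this->conn->prepare(
            "INSERT INTO users(login, pass) VALUES (:username, :hash)"
        );
        $q->execute([
            ":username" => $username,
            ":hash"     => password_hash($password, PASSWORD_DEFAULT),
        ]);
    }

    // True only when the login exists and the password matches its hash.
    public function checkLogin(string $username, string $password): bool
    {
        // Look the row up by login only; the password never enters the SQL.
        $q = $this->conn->prepare("SELECT pass FROM users WHERE login = :username");
        $q->execute([":username" => $username]);
        $hash = $q->fetchColumn(); // false when no such login
        return is_string($hash) && password_verify($password, $hash);
    }
}

// Constructed sample data.
$conn = new PDO("sqlite::memory:");
$conn->exec("CREATE TABLE users (login TEXT PRIMARY KEY, pass TEXT NOT NULL)");
$store = new UserStore($conn);
$store->registerUser("alice", "correct horse");

var_dump($store->checkLogin("alice", "correct horse")); // valid credentials
var_dump($store->checkLogin("alice", "wrong"));         // wrong password
var_dump($store->checkLogin("nobody", "x"));            // unknown login
var_dump($store->checkLogin("' OR '1'='1", "x"));       // quote characters are just data
```

`password_hash()` output can grow as the default algorithm changes, so the `pass` column should be wide (the PHP manual suggests 255 characters).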