小贝子编程

简化PDO查询构建的多个语句



我编写了以下代码来确定谁是管理员,谁是员工。它运行得很好,但我想知道是否有办法进一步简化这段代码。任何帮助都将不胜感激。感谢

<?php
session_start();
include('includes/con.php');
if (isset($_POST['admin'])) {
$uname = $_POST['username'];
$password = md5($_POST['password']);
$sql = "SELECT username,password FROM admin WHERE username=:uname and password=:password";
$query = $dbh->prepare($sql);
$query->bindParam(':uname', $uname, PDO::PARAM_STR);
$query->bindParam(':password', $password, PDO::PARAM_STR);
$query->execute();
$results = $query->fetchAll(PDO::FETCH_OBJ);
if ($query->rowCount() > 0) {
$_SESSION['admin'] = $_POST['username'];
echo "<script type='text/javascript'> document.location = 'home.php'; </script>";
} else
$aerror = "admin error";
} elseif (isset($_POST['staff'])) {
$uname = $_POST['username'];
$password = md5($_POST['password']);
$sql = "SELECT username,password FROM staff WHERE username=:uname and password=:password";
$query = $dbh->prepare($sql);
$query->bindParam(':uname', $uname, PDO::PARAM_STR);
$query->bindParam(':password', $password, PDO::PARAM_STR);
$query->execute();
$results = $query->fetchAll(PDO::FETCH_OBJ);
if ($query->rowCount() > 0) {
$_SESSION['staff'] = $_POST['username'];
echo "<script type='text/javascript'> document.location = 'home.php'; </script>";
} else
$serror = "staff error";

}
?>

您是否将登录站点(管理员和工作人员(放在一个位置?如果你把它们放在一起,你怎么能识别用户的权限登录?

---更新---

将$_POST["staff"]和$_POST"admin'"]更改为$_POST〔"permission"〕

为了安全起见,您需要$allowPermission来避免SQLinjection


$allowPermission = ['admin', 'staff'];
if (isset($_POST['permission'])) {
$permission = $_POST['permission'];
if(!in_array($permission, $allowPermission)){
$error = "{$permission} is error";
echo $error;
return false;
}
$uname = $_POST['username'];
$password = md5($_POST['password']);
$sql = "SELECT username,password FROM `{$permission}` WHERE username=:uname and password=:password";
$query = $dbh->prepare($sql);
$query->bindParam(':uname', $uname, PDO::PARAM_STR);
$query->bindParam(':password', $password, PDO::PARAM_STR);
$query->execute();
$results = $query->fetchAll(PDO::FETCH_OBJ);
if ($query->rowCount() > 0) {
$_SESSION[$permission] = $_POST['username'];
echo "<script type='text/javascript'> document.location = 'home.php'; </script>";
} else{
$error = "{$permission} is error";
echo $error;
}
}

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium