我认识到的一件事是,我在PDO Prepared中设置的子句只有两个这样的子句:
WHERE myemail = :myemail AND mypassword = :mypassword
所以,我现在想尝试的是,我想在PDO Prepared中设置三个子句,如下所示:
WHERE myemail = :myemail, mypassword = :mypassword, AND username = :username
但我不确定我这样做是否正确。我只是自学php。
我问这个问题是因为索引页面只显示了正确的会话电子邮件地址,但显示了错误的用户名。
当我使用"某人"的用户名和"的电子邮件登录时someone@mail.com",索引页显示会话的正确用户名和电子邮件地址。
然而,当我使用"someone"的用户名登录并发送电子邮件时somebody@mail.com",索引页显示正确的电子邮件(somebody@ymail.com)但使用错误的用户名(某人)而不是(某人)。
这是我的代码:
// Define $myusername and $mypassword
$myemail=$_POST['myemail'];
$mypassword=$_POST['mypassword'];
// We Will prepare SQL Query
$STM = $dbh->prepare("SELECT * FROM newuser WHERE myemail = :myemail AND mypassword = :mypassword");
// bind paramenters, Named paramenters alaways start with colon(:)
$STM->bindParam(':myemail', $myemail);
$STM->bindParam(':mypassword', $mypassword);
// For Executing prepared statement we will use below function
$STM->execute();
// Count no. of records
$count = $STM->rowCount();
//just fetch. only gets one row. So no foreach loop needed :)
$row = $STM -> fetch();
// User Redirect Conditions will go here
if ( $count == 1 ) {
$_SESSION['login_id'] = $row['id'];
$_SESSION['username'] = $row['username']; // added
$_SESSION['myemail'] = $row['myemail']; // added
if ( $_SESSION['login_id'] != '' || $_SESSION['login_id'] > 0 ) { // edited
header("location: index.php");
} else {
header("location: login3.html");
}
}
<?php
include('UserSessionAdmin.php');
$username = $_SESSION['username'];
$myemail = $_SESSION['myemail'];
?>
<body>
<?php echo $username; ?>
<?php echo $myemail; ?>
</body>
UserSessionAdmin.php
<?php
session_start();
if ( $_SESSION['login_id'] == 0 || $_SESSION['login_id'] == '' ) {
header('location: login.html');
exit();
}
require_once('configPDO.php');
?>
更新:
当我在$count==1
行之前添加echo var_dump($row);
时,页面显示以下结果:
array(6) { ["username"]=> string(8) "Somebody" [0]=> string(8) "Somebody" ["myemail"]=> string(17) "somebody@mail.com" [1]=> string(17) "somebody@mail.com" ["mypassword"]=> string(8) "thebest2" [2]=> string(8) "thebest2" }
WHERE myemail = :myemail, mypassword = :mypassword, AND username = :username
再扔一个AND
:
WHERE myemail = :myemail AND mypassword = :mypassword AND username = :username
当我使用"某人"的用户名和"的电子邮件登录时someone@mail.com",索引页显示会话的正确用户名和电子邮件地址。
您应该使用数据库中的数据作为真相的来源,而不是用户在表单中输入的内容。执行查询并仅依赖结果集中的数据。
从你所说的来看,这很奇怪,下面是我如何调试它:
header("location: index.php?username=".$row['username]."&myemail=".$row['myemail']);
然后
<?php
include('UserSessionAdmin.php');
//$username = $_SESSION['username'];
//$myemail = $_SESSION['myemail'];
$username = $_GET['username'];
$myemail = $_GET['myemail'];
?>
<body>
<?php echo $username; ?>
<?php echo $myemail; ?>
</body>
这不是一个直接的答案,这将帮助你缩小问题范围。
如果这样做有效,那么SESSION显然对此负责。
编辑:
使用$_GET
只是为了调试,当然它并不是为了调试。
现在我们知道了它的会话,你总是需要确保它已经启动。
设置时:
if ( $count == 1 ) {
session_start();
$_SESSION['login_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['myemail'] = $row['myemail'];
...
}
当你得到它:
include('UserSessionAdmin.php');
session_start();//again!
$username = $_SESSION['username'];
$myemail = $_SESSION['myemail'];
在WHERE查询中的每个子句之间使用AND,如下所示:
WHERE myemail = :myemail AND mypassword = :mypassword AND username = :username
用于选择字段。(还有一些其他的东西,但不是为了把WHERE子句串在一起)
编辑:自从给出这个答案以来,这个问题已经被严重改变了,所以它不再相关。