我正在慢慢地转换一个网站的页面,那里有msqli到pdo。但是,我有一个登录脚本的部分,我不确定它是否可以在PDO中完成,并且是否不能这样做,任何人都有关于如何安全的建议。它与下面的代码部分相关,它是一个多标志,与$ pass_fail变量相关,然后是一个选择查询$ pass_fail_query变量,我可能可以解决。但是,这是我在使用PDO时所困难的多查询?
$pass_fail = "
DELETE FROM `login_fail`
WHERE
`last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);
";
$pass_fail .= "
INSERT INTO login_fail (
user_id,
email,
last_fail_login,
fail_login_ip
) VALUES (
'$user_id',
'$email',
'$last_login_date',
'$ip'
);
";
$pass_fail .= "
UPDATE members SET
`last_fail_login` = '$last_login',
`fail_login_ip`= '$ip'
WHERE
email = '$email'
";
$pass_fail_query = "
SELECT
*
FROM `login_fail`
WHERE
`email` = '$email'
AND `last_fail_login` > date_sub(now(), interval 5 minute)
";
简单地将它们创建为单独的查询。
$pass_fail_delete = $pdo->prepare("
DELETE FROM `login_fail`
WHERE
`last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);
");
$pass_fail_insert = $pdo->prepare("
INSERT INTO login_fail (
user_id,
email,
last_fail_login,
fail_login_ip
) VALUES (
:user_id,
:email,
:last_login_date,
:ip
);
");
$pass_fail_update = $pdo->prepare("
UPDATE members SET
`last_fail_login` = :last_login,
`fail_login_ip`= :ip
WHERE
email = :email
");
$pass_fail_query = $pdo->prepare("
SELECT
*
FROM `login_fail`
WHERE
`email` = :email
AND `last_fail_login` > date_sub(now(), interval 5 minute)
");
然后,而不是使用mysqli_multi_query()在一个呼叫中执行$pass_fail,而是执行3个查询:
$pass_fail_delete->execute();
$pass_fail_insert->execute([':user_id' => $user_id, ':email' => $email, ':last_login_date' => $last_login_date, ':ip' => $ip]);
$pass_fail_update->execute([':last_login' => $last_login, ':ip' => $ip, ':email' => $email]);
$pass_fail_query->execute([':email' => $email]);