使用PDO和PHP检查MySQL数据的变量

Question

I have the following variables that were inputted in the previous login form and submitted:

$login = $_POST['login'];
$password = $_POST['password'];

I connect to my MySQL Database using a PDO as follows:

require_once('agent-config.php');
    try {
$conn = new PDO(A_DB_HOST, A_DB_USER, A_DB_PASSWORD);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}

Next, I use the variables $login and $password to select the matching username and password:

//Create SELECT query    
$qry = $conn->prepare("SELECT * FROM members WHERE login=? AND passwd=?");
    $qry->bindParam(1, $login);
    $qry->bindParam(2, $password);

Lastly, I check whether the query was successful or not using:

//Check whether the query was successful or not
    if($qry->execute())
    $count = $qry->rowCount();
    echo $count;
    print_r($qry);
    if($count >0) {
        //Login Successful
        session_regenerate_id();
        $member = $qry->fetch(POD::FETCH_ASSOC);
        $_SESSION['SESS_AGENT_ID'] = $member['member_id'];
        $_SESSION['SESS_login'] = $member['login'];
        session_write_close();
        header("location: agent-member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }

However, the login and password are not being passed through correctly, and my result for $count is 0. I know one problem is that the password stored in the database is the .md5 encrypted version of the password, so I tried changing $password to

$password = '.md5($_POST['password']).';   

but I received errors T-STRING errors. Any help would be greatly appreciated!

Answer 1

$password = '.md5($_POST['password']).';

Is not valid, as it's 2 strings with a string literal in the middle. I think you meant:

$password = md5($_POST['password']);