stackoom
  简体   繁体   中英

how to write this mysql query with PDO

 原文  2014-10-01 13:12:29       php/ mysql/ login/ pdo

Question

I am writing a php login form and I would like to use PDO for db connection and writing my queries. Actually I am very new with PDO statements but in order to avoid sql injection, I would prefer to use it. I appreciate if someone could kindly help me to rewrite my query with PDO?

This is my code: 

$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: home.php");
        exit();
    }else {
        //Login failed
        $errmsg_arr[] = 'user name and password not found';
        $errflag = true;
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: index.php");
            exit();
        }
    }
}else {
    die("Query failed");
}

I tried 

$stmt = $conn->prepare("SELECT * FROM member WHERE username = :username and password = :password");`

and 

$stmt->execute(array(':username' => $username, ':password' => $password));`

but I don't know how I can rewrite the part related to "check if query was successful"

2 answers

solution1
 2  2014-10-01 13:16:24

You could just use rowCount() in this case to check: 

$stmt = $conn->prepare("SELECT * FROM member WHERE username = :username and password = :password");
$stmt->execute(array(':username'=>$username,':password'=>$password));
if($stmt->rowCount() > 0) {
    // then select row has round rows
    $member = $stmt->fetch(PDO::FETCH_ASSOC);
    session_regenerate_id();
    $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
    $_SESSION['SESS_FIRST_NAME'] = $member['username'];
    $_SESSION['SESS_LAST_NAME'] = $member['password'];
    session_write_close();
    header("location: home.php");
    exit();

}

solution2
 2 ACCPTED  2014-10-01 13:17:56

Try - 

$stmt = $conn->prepare("SELECT * FROM member WHERE username = :username and password = :password");
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', $password);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_OBJ);

if (!empty($result)) {

    # Login Successful    
    $_SESSION['SESS_MEMBER_ID'] = $result->mem_id;
    $_SESSION['SESS_FIRST_NAME'] = $result->username;
    $_SESSION['SESS_LAST_NAME'] = $result->password;

    header("location: home.php");

} else {

    # Login failed
    $errmsg_arr[] = 'user name and password not found';
    $errflag = true;

        if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        header("location: index.php");
        }

}

Note that for Insert, Update, Delete etc you can use $count = $stmt->rowCount(); followed by if ($count > 0) but as of yet it doesn't perform reliably with SELECT

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to write mysql query into PDO how to execute in query with mysql pdo How to convert this mySql query to PDO format…? How to use common parameter for Mysql PDO query How to use async Mysql query with PHP PDO How to change an update query from mysql to pdo? how to write the mysql query? How write this mysql query? How to write this mysql query? PHP PDO for NOT IN query in MYSQL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM