[英]Fatal error on prepared statement
更新...
我正在編寫准備好的語句,並且收到以下錯誤消息:
注意:未定義的索引:C:\\ Program Files(x86)\\ EasyPHP-12.1 \\ www \\ inlogg_och_lagar \\ core.inc.php中的用戶名(第34行)
致命錯誤:消息為“ SQLSTATE [42000]”的未捕獲的異常“ PDOException”:語法錯誤或訪問沖突:1064 SQL語法有錯誤; 檢查與您的MySQL服務器版本對應的手冊以獲取正確的語法,以在C:\\ Program Files(x86)\\ EasyPHP-12.1 \\ www \\ inlogg_och_lagar \\ core.inc.php:34堆棧中的第1行“''附近使用跟蹤:#0 C:\\ Program Files(x86)\\ EasyPHP-12.1 \\ www \\ inlogg_och_lagar \\ core.inc.php(34):PDOStatement-> execute(Array)#1 C:\\ Program Files(x86)\\ EasyPHP- 12.1 \\ www \\ inlogg_och_lagar \\ index.php(23):getuserrow('用戶名')#2 {main}拋出C:\\ Program Files(x86)\\ EasyPHP-12.1 \\ www \\ inlogg_och_lagar \\ core.inc.php 34
有人可以告訴我我在做什么錯嗎? 這是一個簡單的登錄腳本。
這是loginform.inc.php
<?php
if (isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'] ;
$password = $_POST['password'] ;
$password_hash = md5 ($password);
if ($username && $password)
{
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
if (!$rows)
{
echo '<p class="warning">Fel användarnamn/lösenords kombination.</p>';
} else {
$_SESSION['user_id'] = $row;
header('Location: index.php');
exit;
}
} else {
echo '<p class="warning">Du måste fylla i ett användarnamn och lösenord</p>';
}
}
?>
<!--- LOGIN FORM --->
<div id="form-column">
<p>You need to be loggedin.</p>
<p>Fill out username and password.</p>
<form action="<?php echo $current_file; ?>" method="POST">
Användarnamn: <input type="text" name="username">
Lösenord: <input type="password" name="password">
<input type="submit" value="Log in">
</form>
</div>
這是core.inc.php
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['HTTP_REFERER'])&&!empty($_SERVER['HTTP_REFERER'])) {
$http_referer = $_SERVER['HTTP_REFERER'];
}
function loggedin () {
if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
return true;
} else {
return false;
}
}
function getuserrow ($row) {
$sql ="SELECT * FROM USERDATA where id = ?".$_SESSION['user_id']."'";
global $pdo;
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
}
?>
這是connect.inc.php
<?php
$dsn = "mysql:host=localhost;dbname=users;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'root','', $opt);
?>
您的PDO對象定義為$pdo
,但后來稱為$dbh
:
從connect.inc.php
:
$pdo = new PDO($dsn,'root','', $opt);
從loginform.inc.php
:
global $dbh; // ... $stmt = $dbh->prepare($sql);
此外, loginform.inc.php
似乎不包含connect.inc.php
。
您在$stmt->execute(array($_POST['username']))
處缺少第二個參數
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username'], md5($_POST['password'])));//<== here
取代這個
global $pdo; // <- You don't need this one
$sql ="SELECT * FROM USERDATA where username = ? AND password = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($_POST['username']));
$row = $stmt->fetch();
與
$query ="SELECT * FROM USERDATA where `username` = :username AND `password` = :password";
$stmt = $pdo->prepare($query);
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $password_hash
));
$row = (bool) $stmt->fetch();
為了避免出現這種情況,您最好堅持使用命名的占位符,而不要使用未命名的占位符(如?
)。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.