需要 PHP PDO 帮助

发布于 2024-10-18 09:46:33 字数 829 浏览 1 评论 0原文

我试图获取刚刚登录的用户的 UserID 并将其存储在 $_SESSION['UserID'] 中，但它没有这样做。

不存储它。 数组 ( [LoggedIn] => 1 [UserID] => )

// Database Connection File
    require("../system/config.php");

    $user['username'] = $_POST['username'];
    $user['password'] = md5($_POST['password']);

    $login_check = $DBH->prepare("SELECT Username, Password FROM Users WHERE Username = ? AND Password = ?");
    $login_check->execute(array($user['username'], $user['password']));

    if(count($login_check) == 1) {
        session_start();
        $row = $login_check->fetch();
        $_SESSION['LoggedIn'] = 1;
        $_SESSION['UserID'] = $row['UserID'];
        print_r($_SESSION);
    }

    else {
        echo "You have entered an incorrect Username and Password, please try again.";
    }

原文

I am trying to fetch the UserID of the user that has just logged in and store it in $_SESSION['UserID'], however it is not doing so.

Doesn't store it. Array ( [LoggedIn] => 1 [UserID] => )

// Database Connection File
    require("../system/config.php");

    $user['username'] = $_POST['username'];
    $user['password'] = md5($_POST['password']);

    $login_check = $DBH->prepare("SELECT Username, Password FROM Users WHERE Username = ? AND Password = ?");
    $login_check->execute(array($user['username'], $user['password']));

    if(count($login_check) == 1) {
        session_start();
        $row = $login_check->fetch();
        $_SESSION['LoggedIn'] = 1;
        $_SESSION['UserID'] = $row['UserID'];
        print_r($_SESSION);
    }

    else {
        echo "You have entered an incorrect Username and Password, please try again.";
    }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

烟若柳尘 2024-10-25 09:46:33

编辑：您可能正在寻找的答案是您没有在查询中选择UserID。但你还是应该看看我下面写的。

您应该使用 if ($login_check->rowCount() == 1) 而不是 count()

或者，最好使用 fetch( ) 用户名的密码并在 php 中检查它是否正确，因为这样您就可以检测并存储每个用户的错误密码尝试，并且如果尝试次数过多，可能会暂时拒绝访问。

$login_check = $DBH->prepare("SELECT UserID, Password FROM Users WHERE Username = ?");
$login_check->execute(array($user['username']));
$row = $login_check->fetch();

if (!empty($row)) {
    // user exists
    if ($row['Password'] == $user['password']) {
        // login success
    }
    else {
        // bad password attempt
    }
}
else {
    // non-existant user
}

Edit: The answer you are probably looking for is that you aren't selecting UserID in your query. But you should still look at what I wrote below.

You'd should use if ($login_check->rowCount() == 1) instead of count()

Alternatively, it would be better to fetch() the password for the username and check it in php to see if it's correct because then you can detect and store bad password attempts for each user and possibly deny access for a while if there have been too many.

$login_check = $DBH->prepare("SELECT UserID, Password FROM Users WHERE Username = ?");
$login_check->execute(array($user['username']));
$row = $login_check->fetch();

if (!empty($row)) {
    // user exists
    if ($row['Password'] == $user['password']) {
        // login success
    }
    else {
        // bad password attempt
    }
}
else {
    // non-existant user
}

回复收藏 0 原文

~没有更多了~