我正在尝试将所有查询重写为 PDO 格式。 目前我正在尝试重写这个函数,但我似乎无法让它工作。
mysql_query 函数
function checkLogin() {
$this->sQuery = "SELECT * FROM users
WHERE gebruikersnaam='" . mysql_real_escape_string($_POST['gebruikersnaam']) . "'
AND wachtwoord = '" . sha1($_POST['wachtwoord']) . "'";
$this->rResult = mysql_query($this->sQuery)
or die("Er is iets misgegaan " . mysql_error());
if (mysql_num_rows($this->rResult) == 1) { // login name was found
$this->aRow = mysql_fetch_assoc($this->rResult);
$_SESSION['gebruiker'] = $this->aRow['voornaam'];
header("location: dashboard.php");
}
}
这就是我使用 PDO 取得的进展:
function checkLoginPDO(){
$connect = new PDO(host, username, password); // Database Connectie maken (De host, username & password zijn in de config.php aan te passen)
$sql = "SELECT * FROM users
WHERE gebruikersnaam='" . mysql_real_escape_string($_POST['gebruikersnaam']) . "'
AND wachtwoord = '" . sha1($_POST['wachtwoord']) . "'";
$value = $connect->prepare($sql); //Een variabele aanmaken die de PDO vast houdt. Vervolgens word de code voorbereid door de prepare functie
$value->execute();
if(mysql_num_rows($value->fetch()) == 1){
$_SESSION['gebruiker'] = $row['voornaam'];
header("location: dashboard.php");
}
}
我做错了什么/忘记了什么?
提前致谢!
最佳答案
应该是这样的:
function checkLoginPDO(){
$connect = new PDO(host, username, password); // Database Connectie maken (De host, username & password zijn in de config.php aan te passen)
// define sql query string with special placeholders in the form of ?
$sql = "SELECT * FROM users
WHERE gebruikersnaam=?
AND wachtwoord =?";
// prepare statement based on sql query string
$statement = $connect->prepare($sql);
// bind first question mark with value from $_POST, first question mark will be replaced with that value
$statement->bindParam(1, $_POST['gebruikersnaam']);
// do the same for second question mark
$statement->bindParam(2, sha1($_POST['wachtwoord']));
// execute this prepared statement with binded values
$statement->execute();
// fetch row from the result in the form of associated array
if(($row = $statement->fetch(PDO::FETCH_ASSOC))){
$_SESSION['gebruiker'] = $row['voornaam'];
header("location: dashboard.php");
}
// free statement memory
$statement = null;
}
注意:代码未经测试。
编辑,添加说明: 使用 PDO 时,您应该使用它处理查询和数据库的方式。使用任何 mysql_* 函数都不是执行此操作的最佳方式。
关于php - 将 mysql_query 转换为 PDO,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15108841/