我正在为大学做一个项目,我们必须创建一个博客

I am doing a project for college where we have to create a weblog

此代码包含在 SQL.php 文件中,该文件包含 SQL 的所有函数:

函数check_login($user_name, $密码){

#create the PDO object 
/**
 * Used to instanciate the host of the server
 * @var string
 */
    $hostname = 'localhost';
            /**
 * Used to instanciate the username to connect to the server
 * @var string
 */
    $username = 'ODBC';
            /**
 * Used to instanciate the password to connect to the server
 * @var string
 */
    $pass = "";
            /**
 * Used to instanciate the database name
 * @var string
 */
    $db_name = 'bloggie_db';
    try{
        mysql_query("SET NAMES 'utf8");
        $dbh = new PDO("mysql:host=$hostname;dbname=$db_name" , $username, $pass);

        #set PDO error mode to exception 
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        #Check to see if the user exists
        $stmt = $dbh->query("SELECT password, username, firstname, surname FROM users WHERE username = '" . $user_name . "'");  

        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        $check_username = $row['username'];
        $check_password = $row['password'];
        $name = $row['firstname'];
        $surname = $row['surname'];

        if ($row){
            if($check_password=$password & $check_username=$user_name){
                header("Content-Type: text/html; charset=utf-8");
                echo 'pass check=  ' . $check_password . '    password=  '. $password . ' firstname= ' . $name . ' surname= ' . $surname;
                return array($name, $surname);
            }else{

                echo "Your details are invalid.";
                return false;
            }
        }else{
            echo "Your account does not exist";
        }
    }catch(PDOException $e){
        $e->getTrace();
    }
    $dbh = null;
}

打印密码时,我得到一个包含 gaves 的奇怪值,例如 "dapb`",而该值实际上应该是 6544。

在 Login.php 中我调用了 sql 函数:

/**
 * Requesting the users username from Bloggie_Welcome.php
 * @var string
 */
$username = $_REQUEST['Email'];

/**
 * Retrieving the users password from Bloggie_Welcome.php
 * @var string
 */
$password = $_REQUEST['Password'];

#Including the path to the validation object
include '../Objects/SQL.php';
#Instanciating the SQL object
$sql = new SQL();
#Calling the sql function check_login
$details = $sql->check_login($username, $password);
session_start();
if(isset($details)){
    $_SESSION['username'] = $username;
    $_SESSION['firstname'] = $details[0];
    $_SESSION['surname'] = $details[1];
    //header("Location: ../Bloggie_Profile.php");

}

我似乎无法理解为什么当我打印用户名、密码、名字和姓氏时,除了密码之外所有数据都是正确的。

创建用户table: 函数 create_Users(){

#create the PDO object 
/**
 * Used to instanciate the host of the server
 * @var string
 */
    $hostname = 'localhost';
            /**
 * Used to instanciate the username to connect to the server
 * @var string
 */
    $username = 'ODBC';
            /**
 * Used to instanciate the password to connect to the server
 * @var string
 */
    $password = "";
            /**
 * Used to instanciate the database name
 * @var string
 */
    $db_name = 'bloggie_db';
    try{

        $dbh = new PDO("mysql:host=$hostname;dbname=$db_name" , $username, $password);

        echo "<br/>Database connected <br/>";

        #set PDO error mode to exception 
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        #create users table
        $sqlU = 'CREATE TABLE users('.
                     'user_id INT NOT NULL AUTO_INCREMENT,'.
                     'firstname VARCHAR(50),'.
                     'surname VARCHAR(50),'.
                     'username VARCHAR(100),'.
                     'password VARCHAR(255),'.
                     'contact_num VARCHAR(10),'.
                     'email VARCHAR(100),'.
                     'gender VARCHAR(50),'. 
                     'DOB DATE,'.
                     'profile_path VARCHAR(200),'.
                     'bio VARCHAR(255),'.
                     'PRIMARY KEY(user_id))';
        $dbh->exec($sqlU);
        echo "<br/> Users table dropped.";

        $dbh = null;
    }catch(PDOException $e){
        echo "<br/>" . $e->getMessage() . "<br/>";
        die(print_r($e->getTrace()));
    }
}

请大家帮帮我 :(.

我认为您犯了最常见的编程错误,只是运算符拼写错误:

if($check_password=$password & $check_username=$user_name){

这就是为什么您首先将 $chack_password 分配给 $password 并对其执行二元与 (&) 运算符(而不是 && (AND))并使用 $user_namepassword 现在 returns 一个不同的值。

修复一下应该就可以了