PHP MYSQL 查询没有将数组传递到我的变量中
PHP MYSQL query is not passing the array into my variable
这是我的查询,当我执行 var_dump:
时,它的 $results 为 NULL
function connect($loginName) {
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
global $db;
$query = "SELECT email, level, password FROM members WHERE email = '$loginName'";
$result = $db->query($query);
$results = $result->fetch(PDO::FETCH_ASSOC);
return $results;
}
在尝试更改后建议它在我的欢迎表单中给了我这两个错误:
功能页面:
<?php
require('database_connection.php');
//include('index.php')
//session_start();
if ((isset($_POST['loginName'])) && (isset($_POST['password']))){
$_SESSION['loginName'] = $_POST['loginName'];
$_SESSION['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT);
$password = isset($_SESSION['password']) ? $_SESSION['password'] : "";
$loginName = isset($_SESSION['loginName']) ? $_SESSION['loginName'] : "";
// Connecting to the database
}
function connect($loginName) {
global $db;
$query = "SELECT email, level, password FROM members WHERE email = '$loginName'";
$result = $db->query($query);
$results = $result->fetch(PDO::FETCH_ASSOC);
return $results;
}
//Login
function login($loginName, $password) {
$results = connect($loginName);
if ((isset($_SESSION['loginName'])) === $results['email'] && (isset ($_SESSION['password'])) === $results['password'])
{
if ( 'a' === $results['level'] ) {
$level = "Administrator";
}
elseif ( 'm' === $results['level'] ) {
$level = "Member";
}
else $level = '?';
if ($level === "Administrator"){
header('Location: /tires/admin/home.php');
exit();
}elseif ($level === "Member"){
header('Location: /tires/member/home.php');
exit();
}
include('logoutform.php');}
else {
echo "Sorry. You are not in our database";
}};
//Trying to verify the password
if ((isset($_POST['loginName'])) && (isset($_POST['password']))){
$_SESSION['loginName'] = $_POST['loginName'];
$_SESSION['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT);
}
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
$hash = '';
global $db;
$h = $db->prepare("SELECT password FROM members WHERE email = '$loginName'");
$h->execute();
$hashing = $h->fetchAll();
foreach ($hashing as $hash) {
return $hash['password'];
if($hashing) // will return true if succefull else it will return false
{
echo 'Query is working';// code here for true
};
};
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
};
//Logout
function logout() {
$_SESSION = array();
session_destroy();
};
function get_name($results) {
$name = preg_split("/@/", $results['email']);
$name = ucfirst($name[0]);
return $name;
};
function allowed_get_params($allowed_params=[]) {
$allowed_array = [];
foreach($allowed_params as $param) {
if(isset($_GET[$param])) {
$allowed_array[$param] = $_GET[$param];
} else {
$allowed_array[$param] = NULL;
}
}
return $allowed_array;
};
$get_params = allowed_get_params(['loginName', 'password']);
?>
并且,这是登录(实际上是注销)表单:
<form method="post" id="logoutform.php">
<fieldset>
<legend>Logout</legend>
<?php
//include('includes/functions.php');
//if ( $_SESSION['loginName'] === $result['email'] && $_SESSION['password'] === $result['password']) {
echo "Welcome, ";
echo "$level, ";
echo get_name($results);
// print_r($_POST);
print '<br />';
//}
// else{
//var_dump($result);
///}
?> <br /> <br /> <br />
<input type="submit" name="action" value="logout" />
</fieldset></form>
登录表单是这个:
<form action="home.php" method="post" id="loginform.inc.html">
<fieldset>
<legend>Login</legend> <label for="loginName" class="loginName">Username:</label>
<input id="loginName" name="loginName" type="text" value="<?php echo (isset($loginName['loginName'])); ?>"/>
<label for="password" class="loginName">Password:</label>
<input id="password" name="password" type="password" value="<?php echo (isset($password['password'])); ?>" />
<input type="submit" name="submit" value="login" />
</fieldset>
</form>
$results 似乎是空的,因为您的查询没有返回任何内容。而且我怀疑您的查询没有返回任何内容,因为您正在搜索 TRUE 的 $loginName(或者可能是 FALSE),因为这一行:
$loginName = (isset($_SESSION['loginName']));
isset() returns 对或错。我怀疑这不是你想要的。
也不清楚您的 global $db 是关于什么的。我希望那是伪代码。如果那是你的文字代码,那么你有一个明显的错误,因为你甚至没有尝试连接到数据库。
此外,您应该使用参数化语句传递登录名以避免 obvious security hole。
改变
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
至
$password = isset($_SESSION['password']) ? $_SESSION['password'] : "";
$loginName = isset($_SESSION['loginName']) ? $_SESSION['loginName'] : "";
这是我的查询,当我执行 var_dump:
时,它的 $results 为 NULLfunction connect($loginName) {
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
global $db;
$query = "SELECT email, level, password FROM members WHERE email = '$loginName'";
$result = $db->query($query);
$results = $result->fetch(PDO::FETCH_ASSOC);
return $results;
}
在尝试更改后建议它在我的欢迎表单中给了我这两个错误:
功能页面:
<?php
require('database_connection.php');
//include('index.php')
//session_start();
if ((isset($_POST['loginName'])) && (isset($_POST['password']))){
$_SESSION['loginName'] = $_POST['loginName'];
$_SESSION['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT);
$password = isset($_SESSION['password']) ? $_SESSION['password'] : "";
$loginName = isset($_SESSION['loginName']) ? $_SESSION['loginName'] : "";
// Connecting to the database
}
function connect($loginName) {
global $db;
$query = "SELECT email, level, password FROM members WHERE email = '$loginName'";
$result = $db->query($query);
$results = $result->fetch(PDO::FETCH_ASSOC);
return $results;
}
//Login
function login($loginName, $password) {
$results = connect($loginName);
if ((isset($_SESSION['loginName'])) === $results['email'] && (isset ($_SESSION['password'])) === $results['password'])
{
if ( 'a' === $results['level'] ) {
$level = "Administrator";
}
elseif ( 'm' === $results['level'] ) {
$level = "Member";
}
else $level = '?';
if ($level === "Administrator"){
header('Location: /tires/admin/home.php');
exit();
}elseif ($level === "Member"){
header('Location: /tires/member/home.php');
exit();
}
include('logoutform.php');}
else {
echo "Sorry. You are not in our database";
}};
//Trying to verify the password
if ((isset($_POST['loginName'])) && (isset($_POST['password']))){
$_SESSION['loginName'] = $_POST['loginName'];
$_SESSION['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT);
}
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
$hash = '';
global $db;
$h = $db->prepare("SELECT password FROM members WHERE email = '$loginName'");
$h->execute();
$hashing = $h->fetchAll();
foreach ($hashing as $hash) {
return $hash['password'];
if($hashing) // will return true if succefull else it will return false
{
echo 'Query is working';// code here for true
};
};
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
};
//Logout
function logout() {
$_SESSION = array();
session_destroy();
};
function get_name($results) {
$name = preg_split("/@/", $results['email']);
$name = ucfirst($name[0]);
return $name;
};
function allowed_get_params($allowed_params=[]) {
$allowed_array = [];
foreach($allowed_params as $param) {
if(isset($_GET[$param])) {
$allowed_array[$param] = $_GET[$param];
} else {
$allowed_array[$param] = NULL;
}
}
return $allowed_array;
};
$get_params = allowed_get_params(['loginName', 'password']);
?>
并且,这是登录(实际上是注销)表单:
<form method="post" id="logoutform.php">
<fieldset>
<legend>Logout</legend>
<?php
//include('includes/functions.php');
//if ( $_SESSION['loginName'] === $result['email'] && $_SESSION['password'] === $result['password']) {
echo "Welcome, ";
echo "$level, ";
echo get_name($results);
// print_r($_POST);
print '<br />';
//}
// else{
//var_dump($result);
///}
?> <br /> <br /> <br />
<input type="submit" name="action" value="logout" />
</fieldset></form>
登录表单是这个:
<form action="home.php" method="post" id="loginform.inc.html">
<fieldset>
<legend>Login</legend> <label for="loginName" class="loginName">Username:</label>
<input id="loginName" name="loginName" type="text" value="<?php echo (isset($loginName['loginName'])); ?>"/>
<label for="password" class="loginName">Password:</label>
<input id="password" name="password" type="password" value="<?php echo (isset($password['password'])); ?>" />
<input type="submit" name="submit" value="login" />
</fieldset>
</form>
$results 似乎是空的,因为您的查询没有返回任何内容。而且我怀疑您的查询没有返回任何内容,因为您正在搜索 TRUE 的 $loginName(或者可能是 FALSE),因为这一行:
$loginName = (isset($_SESSION['loginName']));
isset() returns 对或错。我怀疑这不是你想要的。
也不清楚您的 global $db 是关于什么的。我希望那是伪代码。如果那是你的文字代码,那么你有一个明显的错误,因为你甚至没有尝试连接到数据库。
此外,您应该使用参数化语句传递登录名以避免 obvious security hole。
改变
$password = (isset($_SESSION['password']));
$loginName = (isset($_SESSION['loginName']));
至
$password = isset($_SESSION['password']) ? $_SESSION['password'] : "";
$loginName = isset($_SESSION['loginName']) ? $_SESSION['loginName'] : "";