警告:PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: 参数号无效:参数未在中定义
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in
代码如下:
<?php
class User {
protected $pdo;enter code here
function __construct($pdo){
$this->pdo = $pdo;
}
public function checkInput($var){
$var = htmlspecialchars($var);
$var = trim($var);
$var = stripcslashes($var);
return $var;
}
public function login($email,$password){
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
$stmt->bindParam(":password", $password, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_OBJ);
$count = $stmt->rowCount();
if($count > 0){
$_SESSION['user_id'] = $user->user_id;
header('Location: home.php');
}else{
return false;
}
}
}
?>
你的查询中有语法错误,你试图传递错误的 param.where 是你的 $user_id 所以它应该是 $email 因为你正在接收 $email 并且$password
改变
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
有
$stmt->bindParam(":email", $email, PDO::PARAM_STR);
并改变
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
有
$stmt = $this->pdo->prepare("SELECT user_id FROM users WHERE email = :email AND password = :password");
代码如下:
<?php
class User {
protected $pdo;enter code here
function __construct($pdo){
$this->pdo = $pdo;
}
public function checkInput($var){
$var = htmlspecialchars($var);
$var = trim($var);
$var = stripcslashes($var);
return $var;
}
public function login($email,$password){
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
$stmt->bindParam(":password", $password, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_OBJ);
$count = $stmt->rowCount();
if($count > 0){
$_SESSION['user_id'] = $user->user_id;
header('Location: home.php');
}else{
return false;
}
}
}
?>
你的查询中有语法错误,你试图传递错误的 param.where 是你的 $user_id 所以它应该是 $email 因为你正在接收 $email 并且$password
改变
$stmt->bindParam(":user_id", $user_id, PDO::PARAM_STR);
有
$stmt->bindParam(":email", $email, PDO::PARAM_STR);
并改变
$stmt = $this->pdo->prepare("SELECT 'user_id' FROM 'users' WHERE 'email' = :email AND 'password' = :password");
有
$stmt = $this->pdo->prepare("SELECT user_id FROM users WHERE email = :email AND password = :password");