php pdo 中的语法错误或访问冲突错误

Syntax error or access violation error in php pdo

Table 姓名:cms_user_table

我使用 php PDO 创建登录代码。

但这显示我的查询中出现访问冲突错误。请帮我解决这个问题。

以下是我的错误:

Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'id,username,password,psalt from cms_user_table WHERE username ='raj'' at line 1 in C:\wamp\www\pdo\bhaskarcms\includes\db.php on line 286

下面是我的登录码:

<?php
require_once('includes/config.php');    
$database = new db("root", "", "localhost", "bhaskar_hindi_dbs", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
if(isset($_POST['login']))
{       
    $username = $_POST['username'];
    $password = $_POST['password'];         
    $sql = $database->getRows("id,username,password,psalt from cms_user_table WHERE username =:username",array(':username'=>$username));
    foreach ($sql as $r) {
        $u=$r['username'];
        $p=$r['password'];
        $p_salt=$r['psalt'];
        $id=$r['id'];
    }                
    $site_salt="bhaskarhindisalt";
    $salted_hash = hash('sha256',$password.$site_salt.$p_salt);
    if($p==$salted_hash) {
        $_SESSION['Auth']['id']= $id;
        header("Location:state.php");
    }   
    else {
        echo "<h2>Username/Password is Incorrect.</h2>";
    }
}                       
?>

getRows 函数是在 db class 中创建的,我在登录代码中调用此函数并传递参数。

public function getRows($query, $params=array()) {
    try{ 
        $stmt = $this->datab->prepare($query); 
        $stmt->execute($params);
        return $stmt->fetchAll();       
    }catch(PDOException $e){
        throw new Exception($e->getMessage());
    }       
}

尝试

$sql = $database->getRows("SELECT id,username,password,psalt from cms_user_table WHERE username =:username",array(':username'=>$username));

您错过了字符串开头的 select 语句:

$sql = $database->getRows("select id,username,password,psalt from cms_user_table WHERE username =:username",array(':username'=>$username));