Troubles in coding login script for member account

Let me introduce the database background, coded with PDO_BUMPST_VER1.4. I hope specified members can log in to the website by entering only an account and password for checking.
I'm not familiar with PDO code, so I hope anyone could help me. Thank you so much.

Database Field Account: username
password:password
[php]

<?php>
if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $sql = SELECT * FROM `username` WHERE( `username` = ? AND `Password` = ? )";
    "WHERE `username` = :username LIMIT 1";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array($Id, $password));
    $result = $stmt->fetch(PDO::FETCH_OBJ);
} else else {
    echo "

Incorrect password

";
    echo "

Back to Main Page/a>

";
<?>
     </tr>/

  <body>

[/php]

You need to get acquainted with PHP first, before you delve into database stuff.

[php] $sql = SELECT * FROM `username` WHERE( `username` = ? AND `Password` = ? )";
"WHERE `username` = :username LIMIT 1";
[/php]
And
[php]<?php>[/php]

It should be glaringly obvious that something is wrong (with the PHP itself as well as the SQL), hence why you need to understand PHP first.

And that assumes that you are properly setting the $pdo object before attempting to use it.

I strongly suggest you use a proper IDE, or any editor that will highlight syntax errors.

Amended another, but there are a few errors.

Error Code
Notice: Undefined index: password in /home/vol14_4/byethost6.com/b6_18625271/htdocs/pdo_bumpstart_ver1.4/includes/table_select.php on line 23

[php]

<?php
//----------------------------------------------------------------------------------------
// Block Direct Access
//----------------------------------------------------------------------------------------
if (!defined('securepage')) {
    die('

Direct File Access Prohibited

');
}

// If a value is given
if (isset($_POST['username']) and isset($_POST['password']));
{
    // define the sql statement with two input parameters: username and password
    $sql = 'SELECT username, password FROM users WHERE username = :username AND password = :password';

    // prepare sql statement into a statement object
    $stmt = $pdo->prepare($sql);

    // encrypt password and store in a temporary variable
    $enc_pwd = sha1($_POST['password']);

    // bind parameters with user-input
    $stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
    $stmt->bindParam(':password', $enc_pwd, PDO::PARAM_STR);

    // execute prepared query
    $stmt->execute();

    // if there was a row selected (username and password match found in the database)
    if($stmt->rowCount())
    {
        // log in user and do whatever else you need to do on login success
    }
    // otherwise if a row wasn't selected (no username/password match found in the database)
    elseif(!$stmt->rowCount())
    {
        // display error message and do whatever else you need to do on login failure
    }
}
?>
School Code

Password

[/php]

This is invalid code
[php]if (isset($_POST['username']) and isset($_POST['password']));[/php]

Should be:
[php]if (isset($_POST['username']) and isset($_POST['password']))[/php]

Though I prefer
[php]if (isset($_POST['username']) && isset($_POST['password']))[/php]

[hr]

You can combine this code
[php]$stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
$stmt->bindParam(':password', $enc_pwd, PDO::PARAM_STR);

// execute prepared query
$stmt->execute();[/php]

Into
[php]// execute prepared query
$stmt->execute(array(
    'username' => $_POST['username'],
    'password' => $enc_pwd
));[/php]

[hr]

This is not encryption
[php]// encrypt password and store in a temporary variable
$enc_pwd = sha1($_POST['password']);[/php]

Might be arguing over semantics for some, but I think it’s important to differentiate password hashing from encryption as they’re not really the same at all. And even if persons A and B know an “encrypted password” is a hash, person C might not.

[hr]

Please use the PHP password lib to handle passwords in a secure manner.
http://php.net/manual/en/function.password-hash.php

Thank you so much! Jiml

The errors disappeared, but there is no response when submitting the query to the db.

Link: http://www.starofphilology.byethost6.com/pdo_bumpstart_ver1.4/index.php?p=table_select

[php]

<?php
// If a value is given
if (isset($_POST['username']) && isset($_POST['password']))
{
    // define the sql statement with two input parameters: username and password
    $sql = 'select username, password from users where username = :username and password = :password';

    // prepare sql statement into a statement object
    $stmt = $pdo->prepare($sql);

    // execute prepared query
    $stmt->execute(array(
        'username' => $_POST['username'],
        'password' => $enc_pwd
    ));

    // if there was a row selected (username and password match found in the database)
    if($stmt->rowCount())
    {
        $_session['username'] = $username;
        header('location:error.php');
        // log in user and do whatever else you need to do on login success
    }
    // otherwise if a row wasn't selected (no username/password match found in the database)
    elseif(!$stmt->rowCount())
    {
        // display error message and do whatever else you need to do on login failure
    }
}
?>
School Code

Password

[/php]

RowCount() does not get the number of affected rows from a select statement. So, that may be an issue…

You would need to do a fetch to get the result set.

[php]$rows = $stmt->fetchAll();
if ( $rows ) {
// do this
}[/php]

Replace this one?
[php] $rows = $stmt->fetchAll();
if ( $rows )

[/php]

That’s an example of a fetch. RowCount will not work in this case.
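
The two pieces of advice above (use `password_hash()` rather than `sha1()`, and fetch the row instead of relying on `rowCount()`) put together as an added example that is not part of any post in this thread. It assumes the pdo_sqlite extension, with an in-memory SQLite database standing in for the real one; `check_login` is a hypothetical helper name and the account and passwords are constructed samples.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database (assumes
// the pdo_sqlite extension) stands in for the real one; names follow the thread's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration side: store the output of password_hash(), not sha1() or plain text.
$insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
$insert->execute(array(
    'username' => 'school01',   // constructed sample account
    'password' => password_hash('correct horse', PASSWORD_DEFAULT),
));

// Hypothetical helper: true only when the user exists and the password matches.
function check_login(PDO $pdo, $username, $password)
{
    // Select by username only. password_hash() salts every hash differently, so the
    // stored value cannot be matched in the WHERE clause.
    $stmt = $pdo->prepare('SELECT username, password FROM users WHERE username = :username LIMIT 1');
    $stmt->execute(array('username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // fetch the row rather than trusting rowCount()
    if ($row === false) {
        return false;                        // unknown username
    }
    return password_verify($password, $row['password']);
}

// Constructed submissions standing in for $_POST.
$attempts = array(
    array('username' => 'school01', 'password' => 'correct horse'),
    array('username' => 'school01', 'password' => 'wrong guess'),
    array('username' => 'nobody',   'password' => 'correct horse'),
    array('username' => 'school01'),   // password field missing
);
foreach ($attempts as $post) {
    if (!isset($post['username'], $post['password'])) {
        echo "missing field\n";
        continue;
    }
    if (check_login($pdo, $post['username'], $post['password'])) {
        // On a real page: session_start(), session_regenerate_id(true), set $_SESSION['username'].
        echo $post['username'], ": login ok\n";
    } else {
        echo $post['username'], ": incorrect username or password\n";
    }
}
```

Existing rows that hold `sha1()` values will not verify with `password_verify()`; those accounts need their passwords re-hashed with `password_hash()`, for example at the next password reset.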
