dsd119120
2015-07-17 10:18
浏览 46
已采纳

在外部PHP文件中使用PDO连接mysql数据库[重复]

I have an Index.php which has a form for fetching user details when that form is submitted it fires the data to a new program.php for validation in program.php I've linked db.php in which I've the connection to the database, code of db.php is given below:

<?php
    $link=mysql_connect('localhost', 'root', '') or die ("mysql_connect_error()");
    $dbselect=mysql_select_db('test',$link) or die ("Error while connecting the database");
?>

since using it this way sql injections are possible, so I tried changing it to code given below:

<?php
$hostname='localhost';
$username='root';
$password='';

try
{
    $dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password);

    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
    $dbh = null;
}
catch(PDOException $e)
{
    echo $e->getMessage();
}
?>

but I am getting an error when I connect submit the form. Inside my program.php I have called db.php by include "db.php";. Since I am new to PDO, I am not sure where am I going wrong.

Updated program.php code

<?php
if($_POST)
{
    include "link_db.php";

    if ($_POST[admin_sign_up])
    {
        $fname=$_POST[fname];
        $lname=$_POST[lname];   
        $id   =$_POST[id];
        $id_pass=$_POST[id_pass];
        $sql="insert into admin_database(fname, lname, id, id_pass) 
        value ('$fname','$lname','$id','$id_pass')";

        mysql_query($sql);

        $error=mysql_error();

        if(empty($error))
        {
            echo "<script>alert('Registration Successful...')</script>";
            header("Location:index.php",true);
        }
        else 
        {
            echo "Registration Failed...<br> Email Id already in use<br>";
            echo "<a href='failed.php'>Click to SignUp again</a>";
        }
    }

    if ($_POST[admin_login])
    {

        $id   =$_POST[id];
        $id_pass=$_POST[id_pass];

        $sql="select * from admin_database where id = '$id' and id_pass= '$id_pass'";
        $result=mysql_query($sql);
        echo mysql_error();
        $row=mysql_fetch_array($result);
        $rowcnt=mysql_num_rows($result);

        if($rowcnt==1)
        {
            session_start();
            $_SESSION['id']=$id;
            $_SESSION['fname']=$row['fname'];
            $_SESSION['lname']=$row['lname'];
            $_SESSION['varn']="Y";
            echo "Login Successfully....";
            header("Location:home.php",true);
        }
        else
        {
            $id   =$_POST[id];
            $id_pass=$_POST[id_pass];
            $sql="insert into adminfailure(id, id_pass, date_time) 
            value ('$id','$id_pass',NOW())";
            mysql_query($sql);
            $error=mysql_error();
            if(empty($error))
            {
                Echo "Invalid Login ID or Password....";
                header("Location:fail.php",true);
            }
            else
            {
                echo "incorrect details";
            }
        }
    }
    if ($_POST[logout])
    {
        header("location:destroy.php",true);
    }
}
?>

Updated Errors which I get

Notice: Use of undefined constant test_sign_up - assumed 'test_sign_up' in B:\XAMPP\htdocs\test\program.php on line 6

Notice: Undefined index: test_sign_up in B:\XAMPP\htdocs\test\program.php on line 6

Notice: Use of undefined constant test_login - assumed 'test_login' in B:\XAMPP\htdocs\test\program.php on line 32

Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 35

Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 36 No database selected Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 41

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in B:\XAMPP\htdocs\test\program.php on line 42

Notice: Use of undefined constant id - assumed 'id' in B:\XAMPP\htdocs\test\program.php on line 56

Notice: Use of undefined constant id_pass - assumed 'id_pass' in B:\XAMPP\htdocs\test\program.php on line 57 incorrect details Notice: Use of undefined constant logout - assumed 'logout' in B:\XAMPP\htdocs\test\program.php on line 73

Notice: Undefined index: logout in B:\XAMPP\htdocs\test\program.php on line 73

</div>
  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

2条回答 默认 最新

相关推荐 更多相似问题