doukengzi3517
2012-09-19 06:22
浏览 44
已采纳

ModX和PDO:使用PHP变量查询

I am new to PDO and have the follow code which recieves 2 PHP vars from a form and uses them in a query:

$loginemail = $_REQUEST['loginemail'] ;
$loginpassword = $_REQUEST['loginpassword'] ;

$logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = '$loginemail' AND `password` = '$loginpassword'";

$query = $modx->query($logincheck);

if ($query) {
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {

 echo $row['email'];

    }
}

The thing is if I hard code the email and password variables into the MySQL query it works fine - its just doesnt seem to like them as PHP variables.

Does anyone know what Im doing wrong? (PS: this is a snippet within ModX Revo)

EDIT: form tag:

<form id="loginform" action="mysite.com/formprocess" method="post">

Email:
<input type="text" id="loginemail" name="loginemail">
Password:
<input type="password" id="loginpassword" name="loginpassword">
<button type="submit">Login</button>
</form>

图片转代码服务由CSDN问答提供 功能建议

我是PDO新手并拥有以下代码,从表单中收集2个PHP变量并在查询中使用它们 :

  $ loginemail = $ _REQUEST ['loginemail']; 
 $ loginpassword = $ _REQUEST ['loginpassword']; 
 
 $ logincheck =“SELECT * FROM  `ft_gameusers` WHERE`mail` ='$ loginemail'和`password` ='$ loginpassword'“; 
 
 $ query = $ modx-&gt; query($ logincheck); 
 
if($ query){  
 while($ row = $ query-&gt; fetch(PDO :: FETCH_ASSOC)){
 
 echo $ row ['email']; 
 
} 
} 
   
 
 

问题是,如果我将电子邮件和密码变量硬编码到MySQL查询中它可以正常工作 - 它似乎并不像它们那样将它们视为PHP变量。

有谁知道我做错了什么? (PS:这是ModX Revo中的一个片段)

编辑:表格标签: <前> &lt; form id =“loginform”操作 =“mysite.com/formprocess”method =“post”&gt; 电子邮件: &lt; input type =“text”id =“loginemail”name =“loginemail”&gt; 密码: &lt; input type = “password”id =“loginpassword”name =“loginpassword”&gt; &lt; button type =“submit”&gt;登录&lt; / button&gt; &lt; / form&gt; < / DIV>

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

4条回答 默认 最新

  • duanpo2813 2012-09-20 06:59
    已采纳

    This is how you can bind your parameters using PDO/xPDO:

    $loginemail = $_REQUEST['loginemail'] ;
    $loginpassword = $_REQUEST['loginpassword'] ;
    
    $logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = :loginemail AND `password` = :loginpassword";
    
    $credentials = array(
        ':loginemail' => $loginemail,
        ':loginpassword' => $loginpassword,
    );
    
    $query = new xPDOCriteria($modx,$logincheck,$credentials);
    if ($query->stmt && $query->stmt->execute()) {
        while ($row = $query->stmt->fetch(PDO::FETCH_ASSOC)) {
            echo $row['email'];
        }
    }
    

    http://php.net/manual/en/pdostatement.bindparam.php

    已采纳该答案
    打赏 评论
  • dsb0003795 2012-09-19 06:24

    Try like this

    $logincheck = "SELECT * FROM `ft_gameusers` WHERE `email` = '".$loginemail."' AND `password` = '".$loginpassword.'";
    
    打赏 评论
  • doushe2513 2012-09-19 06:27

    Try changing FROM this

    <button type="submit">Login</button>
    

    TO

    <input type="submit" id="submit" name="submit" value="Login">
    

    This post explains that <button> is not always compatible and might just explain why your variables that gets passed using post is empty on the other side.

    FUTHER INFO on the html5 <button> element

    Important: If you use the element in an HTML form, different browsers may submit different values. Internet Explorer, prior version 9, will submit the text between the and tags, while other browsers will submit the content of the value attribute. Use the element to create buttons in an HTML form.

    打赏 评论
  • douchong8393 2012-09-19 13:23

    I think Gautam's right here, ty a couple little tests to see what is actually going on:

    // trim these just in case
    $loginemail = trim($_REQUEST['loginemail']);
    $loginpassword = trim($_REQUEST['loginpassword']);
    
    $logincheck = "SELECT * FROM `ft_gameusers` 
    WHERE `email` = '$loginemail' AND `password` = '$loginpassword'";
    
    // copy & run this in an sql editor:
    echo $logincheck;
    
    // then try Gautam's ~ correct the quotes syntax error after loginpassword
    $logincheck2 = "SELECT * FROM `ft_gameusers` 
    WHERE `email` = '".$loginemail."' AND `password` = '".$loginpassword."';
    echo $logincheck;
    
    打赏 评论

相关推荐 更多相似问题