问题
I will admit php is a new language to me.
Now I can get each of these working individually. In my prepare query SELECT * FROM... will allow my PDO fetch assoc while loop to work, but then fetch column doesn't work. And then I use SELECT COUNT(*) my fetch column works but then my fetch assoc doesn't.
So Is there away around this so both will work? As I need the fetch column to return how many rows there are as an integer value (1 or 0) to determine if the user has entered log in information. But then I need fetch column there to return back the string value of what is entered in my username section of the table in my database. So that I can use this information to check it against the input from the user to validate the user and password.
Thanks, here's my code. If you need it explained more clearly I'll have a go.
<?php
$config['db'] = array(
'host' => 'localhost',
'username' => 'root',
'password' => '',
'dbname' => 'inb271assignment'
);
$pdo = new PDO('mysql:host=' . $config['db']['host'] . '; dbname=' . $config['db']['dbname'], $config['db']['username'], $config['db']['password']);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try
{
$pdo->beginTransaction();
$username = $_POST['Username'];
$password = $_POST['Password'];
//Nicholas will be $dbUsername when fetch is working correctly.
$databaseusername = Nicholas;
if ($username&&$password)
{
$result = $pdo->prepare("SELECT COUNT(*) FROM members WHERE Username=?");
$result->execute(array($databaseusername));
$row = $result->fetchColumn();
if ($row!=0) {
while ($rows = $result->fetch(PDO::FETCH_ASSOC)) {
$dbUsername = $rows['Username'];
}
echo $dbUsername;
}
else
die("That user doesn't exist");
}
$pdo->commit();
}
catch(PDOException $pe)
{
echo($pe->getMessage());
}
?>
So currently I have SELECT COUNT(*) in there. So if I enter a username and password in my form on the page before it will return back as !=0 allowing the while loop to work. And the while loop normally works if I have SELECT *. But because I don't because I need the count it doesn't. So I can't retrieve the info I need from the database.
回答1:
Use SELECT * FROM ... and PDO fetch assoc as normally and use $result->rowCount(); for returning all affected rows, which is equivalent with SELECT COUNT(*)
回答2:
If you query with count(*) only to find out if there is a user with the given username in the database, then you don't need it. You could instead fetch the first row, and if it's empty then there is no user otherwise there is at least one. So you have implicitly your information.
$rowNum = 0;
foreach ($result->fetchAll(PDO::FETCH_ASSOC) as $row) {
$rowNum = $rowNum + 1;
$dbUsername = $row['Username']; // btw after the loop you have only the name of the last row
}
if ($row>0) {
echo $dbUsername;
}
回答3:
First of all you need to understand the meaning of each operator you are using.
And then use it smart, only when required, instead of adding whatever operators just because you've seen them used somewhere.
As a matter of fact, you don't need neither COUNT(*) nor rowCount(), nor while. Only one row is supposed to be returned. That's enough.
Transaction and try..catch also counts.
What you really need is just a few lines of code:
if (isset($_POST['Username']))
{
$sql = "SELECT * FROM members WHERE Username=? AND Password=?";
$result = $pdo->prepare($sql);
$result->execute(array($_POST['Username'],$_POST['Password']));
return $result->fetch();
// or do whatever you want with returned data
}
that's all
回答4:
The example of login has one big flaw, it picks the password from the $_POST and queries it directly to mysql.
Which means that the password is in clear in the database.
To apply best practices, you should hash+salt the passwords and encrypt all personal data.
Good overview on how to do it:
http://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/
来源:https://stackoverflow.com/questions/16881472/use-fetch-column-and-fetchpdofetch-assoc-together