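I'm having some problems with the PDO bindValue() function. Whenever I use it, my query always returns 0 results. However, if I put $user and $pass directly into the SQL without using bindValue(), it works fine.
$user is a string
$password is a sha1() hash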

public function login($user, $pass) {
            global $CMS;

            $sql = "SELECT `username`,`password` FROM `" . TB_PREFIX . "users` WHERE `username` = ':user' AND `password` = ':pass'";
            $query = $CMS->prepare_query($sql);
            $query->bindValue(':user', $user, PDO::PARAM_STR);
            $query->bindValue(':pass', $pass, PDO::PARAM_STR);
            $query->execute();

            # User successfully authenticated
            if ($query->rowCount() == 1) {
                # Get all data from DB and populate class variables
                self::populate_user_data($user);
                session_register($user . "-" . base64_encode($_SERVER['REMOTE_ADDR']));
                return true;
            }

            # User failed authentication
            return false;
        }

Best answer

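You should not put quotes around the values yourself; they will be added for you (if needed, as in the case of strings, which is the case here):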

$sql = "SELECT `username`,`password` FROM `" . TB_PREFIX . "users`
        WHERE `username` = :user AND `password` = :pass";

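The difference between quoted and unquoted placeholders, as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension and uses a constructed in-memory SQLite table in place of the CMS users table; login_matches() is a hypothetical helper. It also covers a username containing a quote character, which the bound parameter handles without any manual quoting or escaping.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the CMS users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT)');

// Constructed sample rows; sha1() only mirrors the scheme used in the question.
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (:user, :pass)');
foreach ([['alice', 'correct horse'], ["o'brien", 'hunter2']] as [$u, $p]) {
    $seed->execute([':user' => $u, ':pass' => sha1($p)]);
}

/**
 * Hypothetical helper: runs the login lookup with the given SQL and
 * returns true when exactly one row matches.
 */
function login_matches(PDO $pdo, string $sql, string $user, string $pass): bool
{
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->bindValue(':user', $user, PDO::PARAM_STR);
        $stmt->bindValue(':pass', $pass, PDO::PARAM_STR);
        $stmt->execute();
        // Count fetched rows: rowCount() is not reliable for SELECT on every driver.
        return count($stmt->fetchAll(PDO::FETCH_ASSOC)) === 1;
    } catch (PDOException $e) {
        // A quoted ':user' is a string literal, so the driver has no parameter to bind.
        echo '  (driver error: ' . $e->getMessage() . ")\n";
        return false;
    }
}

// The question's form (placeholders inside quotes) next to the answer's form.
$quoted   = "SELECT username FROM users WHERE username = ':user' AND password = ':pass'";
$unquoted = "SELECT username FROM users WHERE username = :user AND password = :pass";

foreach (['quoted' => $quoted, 'unquoted' => $unquoted] as $label => $sql) {
    echo "$label placeholders:\n";
    var_dump(login_matches($pdo, $sql, 'alice', sha1('correct horse')));
    var_dump(login_matches($pdo, $sql, "o'brien", sha1('hunter2')));
    var_dump(login_matches($pdo, $sql, 'alice', sha1('wrong')));
}
```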