我是PHP的新手,目前我正在做第一个项目来建立一个用来评估员工的网站。要求是使用PDO来防止SQL注入和会话。 login.php工作,但当它切换到cpanel页面(包括session.php)时,它不会显示任何内容。好像我用PDO和mysql命令搞砸了代码。 我在终端使用php -f session.php并有这一行:
PHP Notice: Undefined index: login_user in /var/www/docs/cent285
/project1/source/session.php on line 7
PHP Fatal error: Call to a member function fetch() on a non-object
in /var/www/docs/cent285/project1/source/session.php on line 10
Loginform.php
<form action="source/login.php" method="post">
<input id="name" name="username" placeholder="username" type="text">
<input id="password" name="password" placeholder="password" type="password">
<input name="submit" type="submit" value=" Login ">
</form>
的login.php
<?php
require_once('config.php');
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password']))
{
$error = "Username or Password is invalid";
}
else
{
$pdo = connect();
$username = $_POST['username'];
$password = $_POST['password'];
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "select id, division, department from " .
"check_user(:usr,:pass) as (id integer, " .
"division text, department text)";
$statement = $pdo->prepare($sql);
$myarray = array();
$myarray[':usr'] = $username;
$myarray[':pass'] = $password;
$statement->execute($myarray);
$row = $statement->fetch(PDO::FETCH_ASSOC);
if ($row['id'] > 0) {
session_start();
$_SESSION['login_user']=$username;
$div = $row['division'];
$dept = $row['department'];
$loggedIn = TRUE;
header("Location: ../cpanel.php");
exit(); }
else
{
mysql_close($pdo);
header("location:../404.html");
}
}
}
?>
session.php
<?php
session_start();
$connection= "pgsql:host=localhost dbname=proj1_db " .
"user=bob password=somepass";
$user_check= $_SESSION['login_user'];
$ses_sql="select username from users where username='$user_check'";
$row = $ses_sql->fetch(PDO::FETCH_ASSOC);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection);
header('Location: ../index.html');
}
?>
cpanel.php
<?php
include('source/session.php');
$pdo = connect();
if (!$pdo) {
die("Could not connect");
}
$div = $_GET["div"];
$dept = $_GET["dept"];
var_dump($div);
var_dump($dept);
$myarray = array();
if ($div !== $dept) {
$sql = "select * from users_evaluations_view " .
"where department=:dept";
$myarray[':dept'] = $dept;
}
$statement = $pdo->prepare($sql);
$statement->execute($myarray);
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<?php
while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
echo $row['uid'] . "<br />\n"; }
?>
<b id="logout"><a href="logout.php">Log Out</a></b>
</div>
</body>
</html>
的config.php
<?php
function connect(){
$pdoString= "pgsql:host=localhost dbname=proj1_db " .
"user=bob password=somepass";
$pdo = new PDO($pdoString);
return $pdo;
}
?>