我正在尝试选择并使用PDO插入数据库。当我在url中传递我的参数时,它完美地运行。但是当网址中没有任何内容时,我会收到2个错误。
Notice: Undefined index: username in C:\wamp64\www\MT\magiclogin.php on line 19
Notice: Undefined index: password in C:\wamp64\www\MT\magiclogin.php on line 20
发布工作完美,但我想通过网址发送并删除HTML。但每次我重新加载页面我都会收到错误。这是我的代码
<?php
if($_SERVER['REQUEST_METHOD'] =="GET"){
try{
// new php data object
$handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
//ATTR_ERRMODE set to exception
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
die("There was an error connecting to the database");
}
$username = trim($_GET['username']);
$password = trim($_GET['password']);
$stmt = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
$stmt->execute(array($username));
if($row = $stmt->fetch()){
$hashedPassword = md5(md5($row['user_id']).$_GET['password']);
if($hashedPassword == $row['password']){
$token = md5(uniqid(mt_rand(), true));
$stmtTokenCheck = $handler->prepare("SELECT * FROM token_table WHERE token = ?");
$stmtTokenCheck->execute(array($token));
if($rowToken = $stmtTokenCheck->fetch()){
$token = md5(uniqid(mt_rand(), true));
}
$time = time();
$stmt = $handler->prepare("INSERT INTO token_table (timestamp, user_id, token)VALUES(?, ?, ?)");
$stmt->execute(array($time, $row['user_id'], $token));
echo json_encode([
"timestamp" => $time,
"token" => $token,
"fullname" => $row['fullname'],
"username" => $row['username'],
"email" => $row['email']
]);
}else{
die("Password or Username entered is incorrect!");
}
}else{
die("Password or Username entered is incorrect!");
}
}
?>
答案 0 :(得分:3)
如果url查询中没有用户名或密码参数(.as-console-wrapper { max-height: 100% !important; top: 0; }之后的网址部分),则$ _GET数组将为空。
在尝试用它们做逻辑之前,你应该检查这些参数是否为空:
?还必须注意,通过url查询发送密码是不安全的。此外,md5不足以加密密码。查看PHP的password_hash函数。
答案 1 :(得分:1)
如果你在第一行尝试这个怎么办:
if(isset($_GET['username']) && isset($_GET['password'])) {
...
而不是if($_SERVER['REQUEST_METHOD'] =="GET"){