我有一个登录脚本,我想在成员表中插入最后一次登录,并在每次成员登录时更新它,但我遇到了一些问题。每次用户登录时都不会插入lastlogin
。这是我的代码
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
try{
$stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = $adminID ");
$stmt->execute();
$stmt=null;
}
catch (PDOExeception $e){
$error[] = $e->getMessage();
}
header('Location: index.php');
exit;
}
else {
$error[] = '<div class="alert alert-danger fade in text-center">
<a href="#" class="close" data-dismiss="alert">×</a>
<strong>Error!</strong>
Wrong username or password or your account has not been activated.
</div>';
}
}
答案 0 :(得分:0)
检查错误数组的逻辑,尝试使用(或类似):
if (isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if ($user->login($username,$password)) {
$_SESSION['username'] = $username;
try {
$stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = $adminID ");
$stmt->execute();
$stmt=null;
} catch (PDOExeception $e){
$error[] = $e->getMessage();
}
} else {
$error[] = 'Wrong username or password ...';
}
}
if (empty($error)) {
header('Location: index.php');
exit;
}
// show errors
foreach($error => $e) {
echo $e;
}
答案 1 :(得分:-1)
在SQL查询字符串中,您没有提供adminID变量,而是提取的adminID等于字符串值“$ AdminID”的用户,使用PDO将变量放入SQL查询的正确方法是使用带有引用变量的标记的prepare,然后给出一个将每个标记与PHP变量相关联的数组,如下所示:
$stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = :adminID");
$stmt ->execute(array(':adminID' => $adminID));
通过这种方式,您可以保护您的站点免受SQL注入。