用户登录phpmysql时随时更新上次登录时间

时间:2017-07-25 15:16:52

标签: php mysql pdo

我有一个登录脚本,我想在成员表中插入最后一次登录,并在每次成员登录时更新它,但我遇到了一些问题。每次用户登录时都不会插入lastlogin。这是我的代码

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($user->login($username,$password)){
        $_SESSION['username'] = $username;

        try{
            $stmt = $db->prepare("UPDATE admin  SET login_date = now() where adminID = $adminID ");
            $stmt->execute();
            $stmt=null;
            }
        catch (PDOExeception $e){
                $error[] = $e->getMessage();
            }
        header('Location: index.php');
        exit;
    } 
  else {      
           $error[] =  '<div class="alert alert-danger fade in text-center">
                           <a href="#" class="close" data-dismiss="alert">&times;</a>
                           <strong>Error!</strong> 
                            Wrong username or password or your account has not been activated.
                      </div>';
    }
}

2 个答案:

答案 0 :(得分:0)

检查错误数组的逻辑,尝试使用(或类似):

if (isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    if ($user->login($username,$password)) {
        $_SESSION['username'] = $username;
        try {
            $stmt = $db->prepare("UPDATE admin  SET login_date = now() where adminID = $adminID ");
            $stmt->execute();
            $stmt=null;
        } catch (PDOExeception $e){
            $error[] = $e->getMessage();
        }
    } else {
        $error[] = 'Wrong username or password ...';
    }
}
if (empty($error)) {
    header('Location: index.php');
    exit;
}
// show errors
foreach($error => $e) {
    echo $e;
}

答案 1 :(得分:-1)

在SQL查询字符串中,您没有提供adminID变量,而是提取的adminID等于字符串值“$ AdminID”的用户,使用PDO将变量放入SQL查询的正确方法是使用带有引用变量的标记的prepare,然后给出一个将每个标记与PHP变量相关联的数组,如下所示:

$stmt = $db->prepare("UPDATE admin  SET login_date = now() where adminID = :adminID");
$stmt ->execute(array(':adminID' => $adminID));

通过这种方式,您可以保护您的站点免受SQL注入。

相关问题
最新问题