PHP
session_start();
$username = $_POST['regduser'];
$userpass = md5($_POST['regdpass']);
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
$sql->bindParam(':username', $username);
$sql->bindParam(':userpass', $userpass);
$stmnt->execute();
$result = mysql_query($sql);
if (mysql_num_rows($result)!= 1) {
$error = "Login failed";
#include "loginform.php";
} else {
echo "<h1>exists</h1>";
#$_SESSION['regduser'] = "$username";
#$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// any other data needed to navigate the site or
// to authenticate the user can be added here
#include "membersection.php";
}
?>
HTML:
<form action="inc/check_regUsr.php" method="post" id="userLogon">
<div class="field required">
Username: <input type="text" name="regduser" tabindex="1" /><br />
</div>
<div class="field required">
Password: <input type="password" name="regdpass" tabindex="2" /><br />
</div>
<input type="submit" name="submitUser" />
</form>
致命错误:在第9行的非对象上调用成员函数prepare() 那条线是:
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
我在这里做错了什么?!
答案 0 :(得分:5)
哦,从哪里开始...
$sql在哪里?:placeholdername,而不是$placeholdername。$sql,如果您有数据库连接,则会销毁它。$stmnt不存在mysql_query做什么?您有3个选项:mysql,mysqli或PDO。坚持一个,不要混合和匹配。答案 1 :(得分:2)
$sql根本不是对象。它必须是一个对象,例如来自PDO的对象,例如$sql = new PDO(…)。
此外,您应不使用MD5哈希密码,请参阅Secure hash and salt for PHP passwords。