1. 首页
  2. 问答
  3. 请帮我将PDO从旧的mysql转换为此代码

请帮我将PDO从旧的mysql转换为此代码

2013-04-30 115 views
-2

我是MySQL和PHP的新手。我一直在做一个像某种博客一样的项目。但我听说老的MySQL很脆弱或容易被破解。所以我被建议使用PDO。但我很困惑如何将此代码转换为PDO。请帮帮我。请帮我将PDO从旧的mysql转换为此代码

<?php 

//Start session 
session_start(); 

//Include database connection details 
require_once('scripts/dblog.php'); 

//Array to store validation errors 
$errmsg_arr = array(); 

//Validation error flag 
$errflag = false; 

//Function to sanitize values received from the form. Prevents SQL injection 
function clean($str) { 
    $str = @trim($str); 
    if(get_magic_quotes_gpc()) { 
     $str = stripslashes($str); 
    } 
    return mysql_real_escape_string($str); 
} 

//Sanitize the POST values 
$username = clean($_POST['username']); 
$password = clean($_POST['password']); 

//Input Validations 
if($username == '') { 
    $errmsg_arr[] = 'Username missing'; 
    $errflag = true; 
} 

if($password == '') { 
    $errmsg_arr[] = 'Password missing'; 
    $errflag = true; 
} 

//If there are input validations, redirect back to the login form 
if($errflag) { 
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
    session_write_close(); 
    header("location: login.php"); 
    exit(); 
} 

//Create query 
$qry="SELECT * FROM member WHERE BINARY username='$username' AND BINARY password='$password'"; 
$result=mysql_query($qry); 

//Check whether the query was successful or not 
if($result) { 
    if(mysql_num_rows($result) > 0) { 
     //Login Successful 
     session_regenerate_id(); 
     $member = mysql_fetch_assoc($result); 
     $_SESSION['SESS_MEMBER_ID'] = $member['mem_id']; 
     $_SESSION['SESS_FIRST_NAME'] = $member['username']; 
     $_SESSION['SESS_LAST_NAME'] = $member['password']; 

     session_write_close(); 
     header("location: post.php"); 
     exit(); 
    } else { 
     //Login failed 
     $errmsg_arr[] = '<div class="alert alert-error">user name and password not found</div>'; 
     $errflag = true; 
     if($errflag) { 
     $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
     session_write_close(); 
     header("location: login.php"); 
     exit(); 
     } 
    } 
} else { 
    die("Query failed"); 
} 
?>

来源

2013-04-30 Fahad Ahammed

+2

什么帮助你实际上是要求?为你重写这段代码? – 2013-04-30 14:08:24

+0

如果有可能...如果不是,那么至少告诉我使用该代码是否过时并容易破解? – 2013-04-30 14:15:22

回答

0

您需要创建一个包含数据源名称的PDO对象,它是一个像这样的字符串:

$dsn = "mysql:dbname=DATABASENAME;host=localhost;";

您创建PDO对象这样的,这是基本的mysql_connect的equivilent ():

$database = new PDO($dsn, "Username", "Password");

要执行你使用的查询:(的mysql_query的equivilent())

$query = $database->query("SELECT * FROM table where name = ?", ['Test']);

获取结果的使用(mysql_fetch_array的eqivilent())$query->fetchAll(PDO::FETCH_OBJ);

来源

2013-04-30 14:14:13 Liam

+0

非常感谢。 :-)对PDO有更清晰的认识。 – 2013-04-30 14:31:30

0

希望这将帮助你

<?php 
try { 
    $dbh=new PDO('mysql:host=localhost;dbname=mysql','user','pass'); 

    $qry="SELECT * FROM member WHERE BINARY username='$username' AND BINARY password='$password'"; 
    //$result=mysql_query($qry); 
    $result=$dbh->query($qry); 
}catch (PDOException $e){ 
    print "PDO ERROR :".$e->getMessage()."<br/>"; 
    die(); 
} 






//Check whether the query was successful or not 
if($result) { 
    if($result->rowCount() > 0) { 
     //Login Successful 
     session_regenerate_id(); 
     $member = $result->fetchAll(PDO::FETCH_ASSOC); 
     $_SESSION['SESS_MEMBER_ID'] = $member['mem_id']; 
     $_SESSION['SESS_FIRST_NAME'] = $member['username']; 
     $_SESSION['SESS_LAST_NAME'] = $member['password']; 
     session_write_close(); 
     header("location: post.php"); 
     exit(); 
    }else { 
     //Login failed 
     $errmsg_arr[] = '<div class="alert alert-error">user name and password not found</div>'; 
     $errflag = true; 
     if($errflag) { 
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
      session_write_close(); 
      header("location: login.php"); 
      exit(); 
     } 
    } 
}else { 
    die("Query failed"); 
} 
$dbh=null; //close pdo 
?>

来源

2013-04-30 14:19:30 user2336173

1

尽管这个问题太过本地化,has been asked MANY times already - 只是为了向你展示更好的实践tice

  • 你需要绑定你的参数。
  • 最好少写一些代码。这将节省您的时间上打字
  • tag wiki

描述,以便连接,在这里你去

session_start(); 
require_once('scripts/dblog.php'); 

$sql = "SELECT * FROM member WHERE username=? AND password=?"; 
$stm = $pdo->prepare($sql); 
$stm->execute($_POST); 
$row = $stm->fetch(); 

if($row) { 
    session_regenerate_id(); 
    $_SESSION['user'] = $row; 
    $loc ='post.php'; 
} else { 
    $_SESSION['ERRMSG_ARR'] = 'user name and password not found'; 
    $loc ='login.php'; 
} 
session_write_close(); 
header("location: $loc");

来源

2013-04-30 14:27:05

相关问题

 相关问题