PDO prepare() error Php / Mysql
PHP
session_start();
$username = $_POST['regduser'];
$userpass = md5($_POST['regdpass']);
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
$sql->bindParam(':username', $username);
$sql->bindParam(':userpass', $userpass);
$stmnt->execute();
$result = mysql_query($sql);
if (mysql_num_rows($result)!= 1) {
$error = "Login failed";
#include "loginform.php";
} else {
echo "<h1>exists</h1>";
#$_SESSION['regduser'] = "$username";
#$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// any other data needed to navigate the site or
// to authenticate the user can be added here
#include "membersection.php";
}
?>
HTML:
<form action="inc/check_regUsr.php" method="post" id="userLogon">
<div class="field required">
Username: <input type="text" name="regduser" tabindex="1" /><br />
</div>
<div class="field required">
Password: <input type="password" name="regdpass" tabindex="2" /><br />
</div>
<input type="submit" name="submitUser" />
</form>
Fatal error: Call to a member function prepare() on a non-object on line 9
That line is:
$sql = $sql->prepare("SELECT * from Students WHERE regduser='$username' and regdpass='$userpass'");
What am I doing wrong here?!
Ohoh, where to begin...
- Where is the database connection $sql made?
- Use :placeholdername in prepared statements, not $placeholdername.
- You are overwriting $sql, destroying your database connection if you ever had one.
- $stmnt does not exist
- What does mysql_query do there? You have 3 options: mysql, mysqli or PDO. Stick with one, don't mix & match.
$sql is not an object at all. It has to be an object, like something from PDO, e.g. $sql = new PDO(…).
Furthermore, you should not use MD5 hashes for passwords, see Secure hash and salt for PHP passwords.
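The points raised in the answers above, combined into one login check, as an added example that is not part of the original posts. The table and column names come from the question; the in-memory SQLite DSN, the sample user, the checkLogin() helper and the DUMMY_HASH constant are assumptions made so the script runs on its own, and regdpass is assumed to hold password_hash() output instead of an MD5 digest.

```php
<?php
// Added example, not the asker's code. Assumption: in-memory SQLite stands in for
// MySQL so it runs stand-alone; a MySQL DSN looks like 'mysql:host=HOST;dbname=DBNAME'.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on errors instead of returning false
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample table and user; regdpass stores a salted password_hash() string.
$pdo->exec('CREATE TABLE Students (regduser TEXT PRIMARY KEY, regdpass TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO Students (regduser, regdpass) VALUES (:username, :userpass)');
$insert->execute([
    ':username' => 'alice',
    ':userpass' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Hypothetical constant: a throwaway hash verified against when the user is unknown,
// so "no such user" and "wrong password" take roughly the same time.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

/**
 * Returns true only when the user exists and the password matches the stored hash.
 */
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    // The connection ($pdo) and the statement ($stmt) are separate variables,
    // so preparing a query never overwrites the connection.
    $stmt = $pdo->prepare('SELECT regdpass FROM Students WHERE regduser = :username');
    $stmt->execute([':username' => $username]); // value is bound, never interpolated into the SQL
    $row = $stmt->fetch();

    if ($row === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The hash is compared in PHP; the password itself is never part of the WHERE clause.
    return password_verify($password, $row['regdpass']);
}

// Constructed inputs: a valid login, a wrong password, and a username containing a quote,
// which the placeholder passes through as plain data.
var_dump(checkLogin($pdo, 'alice', 'correct horse'));
var_dump(checkLogin($pdo, 'alice', 'wrong password'));
var_dump(checkLogin($pdo, "o'neil", 'anything'));
```

In the real handler, $username and $password would come from $_POST['regduser'] and $_POST['regdpass'], and existing MD5 rows would have to be rehashed with password_hash() at each user's next successful login.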