我有一个小登录脚本。SQLSTATE [HY000]:PHP和PDO的一般错误
function login($sql) {
try {
$fbhost = "localhost";
$fbname = "foodbank";
$fbusername = "root";
$fbpassword = "";
$DBH = new PDO("mysql:host=$fbhost;dbname=$fbname",$fbusername,$fbpassword);
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$STH = $DBH->query($sql);
$STH->setFetchMode(PDO::FETCH_ASSOC);
session_start();
if ($row = $STH->fetch()) {
$_SESSION['username'] = "$row[username]";
header("Location:index.php");
}
} catch(PDOException $e) {
echo $e->getMessage();
}
}
EDITS:
的index.php
$sql = "SELECT username from users where username = ". $_POST['username'] ." AND password = ". $_POST['password'] ."";
login($sql);
从插入上述改为选择查询。现在,我得到新的错误: SQLSTATE [42S22]:列未发现:在1054未知列'pvtpyro“where子句”
$ data和$ sql的值是多少? – ChristopheBrun
@Herode我将我的代码添加到底部 –
请注意我的答案中的编辑。不要使用您提供的SELECT查询,因为SQL注入不安全。 – stef77