检查用户名和密码，PHP

Question

我试图创建一个PHP的用户名和密码检查，但不能让它的工作，这里是代码：

<?php 
$servername = "iphere"; 
$user = "userhere"; 
$pass = "passwordhere"; 
$dbname = "databasehere"; 

try { 
    $username = $_GET['username']; 
    $password = $_GET['password']; 
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $user, $pass); 
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    $stmt = $conn->prepare("SELECT username FROM users WHERE username = :name AND password = :password"); 
    $stmt->bindParam(':name', $username); 
    $stmt->bindParam(':password', $password); 
    $stmt->execute(); 
    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

    if($username == $result && $password == $result) 
    { 
     echo "OK"; 
    } 
    else 
    { 
     echo "not OK"; 
    } 


} 
catch(PDOException $e) { 
    echo "Error"; 
} 
$conn = null; 
?> 

它不给任何错误或任何东西。它只是回声好，那就是它。顺便说一句，我用GET来做我的另一个项目。所以我稍后会改变它。

Answer 1

除非有一个错误，这一点：

$result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

永远是布尔值true。

然后，您可以执行此测试：

if($username == $result && $password == $result) 

非空字符串将总是等于true。

---

计数从数据库返回的行数。

Answer 2

忽略的事实是：

• 你的密码是明文你使用bindParam无故

然后，我会使用的代码会是这样的（没有测试，小心）：

$stmt = $pdo->prepare("SELECT COUNT(*) AS user_exists FROM users WHERE username = :username AND password = :password"); 

$stmt->execute([':username' => $username, ':password' => $password]); 

// This will return the value of first column, our query will always produce 1 row with 1 column 
$exists = $stmt->fetchColumn(); 

// If you are using MySQL ND (native driver), then the above result will be 
// accurately represented as an integer so we can use it in an if() statement like this 
if($exists) 
{ 
    echo "OK!"; 
} 
else 
{ 
    echo "Not ok!"; 
}