更新用户登录时间

Question

我有一个登录脚本，我想将最后一次登录插入到成员表中，并在每次登录成员时更新它，但我遇到了一些问题。该lastlogin未被每次插入用户登录在这里是我的代码

if(isset($_POST['submit'])){ 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    if($user->login($username,$password)){ 
     $_SESSION['username'] = $username; 

     try{ 
      $stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = $adminID "); 
      $stmt->execute(); 
      $stmt=null; 
      } 
     catch (PDOExeception $e){ 
       $error[] = $e->getMessage(); 
      } 
     header('Location: index.php'); 
     exit; 
    } 
    else {  
      $error[] = '<div class="alert alert-danger fade in text-center"> 
          <a href="#" class="close" data-dismiss="alert">&times;</a> 
          <strong>Error!</strong> 
          Wrong username or password or your account has not been activated. 
         </div>'; 
    } 
} 

Answer 1

在您的SQL查询字符串，你不提供adminID变量，而不是你取谁的adminID等于字符串用户值“$ AdminID”，把变量在使用PDO一个SQL查询通过使用令牌参照变量，然后给每个令牌一个PHP变量关联数组，像这样准备的正确方法：

$stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = :adminID"); 
$stmt ->execute(array(':adminID' => $adminID)); 

用这种方法可以保护您的网站免受SQL注入。

Answer 2

检查你的错误阵列的逻辑，试图用（或类似）：

if (isset($_POST['submit'])){ 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    if ($user->login($username,$password)) { 
     $_SESSION['username'] = $username; 
     try { 
      $stmt = $db->prepare("UPDATE admin SET login_date = now() where adminID = $adminID "); 
      $stmt->execute(); 
      $stmt=null; 
     } catch (PDOExeception $e){ 
      $error[] = $e->getMessage(); 
     } 
    } else { 
     $error[] = 'Wrong username or password ...'; 
    } 
} 
if (empty($error)) { 
    header('Location: index.php'); 
    exit; 
} 
// show errors 
foreach($error => $e) { 
    echo $e; 
}