PDO扩展连接mysql数据库，并实现用户登录时防sql注入的处理

发布于：2022-01-24 08:49:38  栏目：技术文档

用户登录

• 使用预处理，防止sql注入攻击

// 1.连接数据库
$config = require_once __DIR__ .DIRECTORY_SEPARATOR .'connect.php';
// var_dump($config);
// pdo预处理接入
// 准备一条预处理sql语句
$sql = "SELECT * FROM `users` WHERE `username`= ? and `password` = ? ";
// 准备要执行的语句，并返回语句对象
$stmt = $pdo->prepare($sql);
// 绑定参数到指定的变量名
$para = [$name,$pwd];
// 执行一条预处理语句
$stmt->execute($para);
$res = $stmt->fetchAll(PDO::FETCH_ASSOC);
// var_dump($res);
if(empty($res)){
    echo (json_encode(array('code'=>1, 'msg'=>'用户名或密码不正确。')));
};

用户登录

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <style>
        *{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}
        article, aside, details, figcaption, figure,footer, header, hgroup, menu, nav, section {display: block;}
        ol,ul{list-style:none;margin:0px;padding:0px;}
        blockquote,q{quotes:none;}
        blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}
        table{border-collapse:collapse;border-spacing:0;}
        /*-- start editing from here --*/
        a{text-decoration:none;}
        .txt-rt{text-align:right;}/* text align right */
        .txt-lt{text-align:left;}/* text align left */
        .txt-center{text-align:center;}/* text align center */
        .float-rt{float:right;}/* float right */
        .float-lt{float:left;}/* float left */
        .clear{clear:both;}/* clear float */
        .pos-relative{position:relative;}/* Position Relative */
        .pos-absolute{position:absolute;}/* Position Absolute */
        .vertical-base{    vertical-align:baseline;}/* vertical align baseline */
        .vertical-top{    vertical-align:top;}/* vertical align top */
        nav.vertical ul li{    display:block;}/* vertical menu */
        nav.horizontal ul li{    display: inline-block;}/* horizontal menu */
        img{max-width:100%;}
        body {
            font-family: Verdana, serif;
            background: #fffef9;
        }
        .main-login {
            width: 35%;
            margin: 108px auto;
            background: #f2eada;
            background-size: cover;
        }
        .main-login > form {
            height: 368px;
            display: flex;
            flex-direction: column;
            justify-content: space-evenly;
            align-items: center;
        }
        .login-input{
            width: 94%;
            position: relative;
        }
        .login-input  .iconfont{
            position: absolute;
            top: 8px;
            left: 26px;
            z-index: 2;
            font-size: 26px;
            color: #77787b;
        }
        input[type="text"],input[type="password"]{
            font-size: 1em;
            font-weight:100;
            height: 38px;
            width: 82%;
            margin-left: 18px;
            padding-left: 42px;
            position: absolute;
        }
        .login-text > ul {
            width: 100%;
            display: flex;
            justify-content: space-between;
        }
        .login-button{
            font-size: 1.2em;
            height: 38px;
            width: 48%;
            background-color: #1E9FFF;
        }
         .am-topbar-right{
             display: flex;
             flex-direction: column;
             width: 580px;
             height: 400px;
             margin: 200px auto;
             background-color: #fff;
         }
    </style>
    <title>LOGIN</title>
</head>
<body>
<!-- main -->
<div class="main-login">
    <form>
        <div class="login-input">
            <span class="iconfont icon-yonghuming"></span>
            <input class="text" type="text" name="username" placeholder="Username" required="">
        </div>
        <div class="login-input">
            <span class="iconfont icon-mima"></span>
            <input class="text" type="password" name="password" placeholder="Password" required="">
        </div>
        <div class="login-text" style="width: 86%">
            <ul>
                <li>
                    <label class="anim">
                        <input type="checkbox" class="checkbox" required="">
                        <span> Remember me ?</span>
                    </label>
                </li>
                <li><a href="/regist"> Regist account ?</a> </li>
            </ul>
        </div>
        <button type='button' name='btn' class="login-button">LOGIN</button>
    </form>
</div>
<!-- //main -->
</body>
</html>
<script type="text/javascript" src="./JQuery3.5.1/jquery.3.5.1.js"></script>
<script>
    $('button[name="btn"]').click(function() {
        var data = {};
        data.username = $.trim($('input[name="username"]').val());
        data.password = $.trim($('input[name="password"]').val());
        $.post('doLogin.php', data, function(res) {
            // console.log(res);
            alert(res.msg)
        }, 'json')
    })
</script>

执行登录

<?php
// 后端可接受前端传过来的参数
$name = isset($_POST['username']) ? $_POST['username'] : null;
$pwd = isset($_POST['password']) ? $_POST['password'] : null;
$pwd = password_hash('$pwd',PASSWORD_DEFAULT);
// var_dump($name, $pwd);
// die();
// 1.连接数据库
$config = require_once __DIR__ .DIRECTORY_SEPARATOR .'connect.php';
// var_dump($config);
// pdo预处理接入
// 准备一条预处理sql语句
$sql = "SELECT * FROM `users` WHERE `username`= ? and `password` = ? ";
// 准备要执行的语句，并返回语句对象
$stmt = $pdo->prepare($sql);
// 绑定参数到指定的变量名
$para = [$name,$pwd];
// 执行一条预处理语句
$stmt->execute($para);
$res = $stmt->fetchAll(PDO::FETCH_ASSOC);
// var_dump($res);
if(empty($res)){
    echo (json_encode(array('code'=>1, 'msg'=>'用户名或密码不正确。')));
};

[https://help10086.cn/0121/login.php]

相关推荐