用PDO扩展连接mysql数据库 实现用户登录时防sql注入的处理
发布于:2022-01-26 17:41:29
次阅读
PDO扩展连接mysql数据库
<?php//配置数据库信息$config= [ 'type' => $type ?? 'mysql' ,'username' => $username ?? 'root' ,'password' => $password ?? '123456' ,'host' => $host ?? 'localhost' ,'port' => $port ?? '3306' ,'charset' => $charset ?? 'utf8' ,'dbname' => 'mydb' ];$dsn = sprintf('%s:host=%s;port=%s;charset=%s;dbname=%s' ,$config['type'] ,$config['host'] ,$config['port'] ,$config['charset'] ,$config['dbname']);//连接数据库try { $pdo = new PDO($dsn, $config['username'], $config['password']);} catch (PDOException $e) { die('Connection error : ' . $e->getMessage());}//接受前端传过来的参数if ( 'login' == $_POST['a'] ){$n = isset($_POST['username']) ? $_POST['username'] : null;$p = isset($_POST['password']) ? $_POST['password'] : null;$p = md5($p);//使用预处理,防止sql注入攻击// 准备预处理sql语句$sql = "SELECT * FROM `webuser` WHERE `username`= ? and `password` = ? ";// 准备要执行的语句,并返回语句对象$stmt = $pdo->prepare($sql);// 执行一条预处理语句$stmt->execute(array($n,$p));//返回结果集$res = $stmt->fetchAll(PDO::FETCH_ASSOC);if($res){ echo '登陆成功';}else{ echo '帐号或密码不正确';}}?><!doctype html><html lang="en"><head><meta charset="UTF-8"><title>用户登录</title></head><body><form action="" method="POST"><input type = 'hidden' name = 'a' value = 'login' ><table border = '1' ><tr><td>帐号:</td><td><input type = 'text' name = 'username' ></td></tr><tr><td>密码:</td><td><input type = 'password' name = 'password' ></td></tr><tr><td colspan = '2' style = 'text-align:center'><input type = 'submit' value = '登 陆'></td></tr></table></form></body></html>