本文介紹了調(diào)用未定義的方法 PDO::execute()的處理方法,對(duì)大家解決問(wèn)題具有一定的參考價(jià)值,需要的朋友們下面隨著小編來(lái)一起學(xué)習(xí)吧!
問(wèn)題描述
我正在嘗試對(duì)頁(yè)面登錄進(jìn)行編碼,但我被這個(gè)錯(cuò)誤阻止了
i'm trying to code a page login but i was stopper at this error
請(qǐng)告訴我這里的錯(cuò)誤
<?php
@session_start();
include("../../connexion/connexion.php");
class login_class {
public $user;
public $password;
public $connexion;
public function check_login() {
try {
$cn = new class_connect();
$this->connexion = $cn->connect(null);
$result = $this->connexion->execute("select * from user where username='$this->user' and password='$this->password'");
$data = $result->fetchAll(PDO::FETCH_OBJ);
if (!empty($data[0]->id_user)) {
return true;
}else {
return false;
}
}catch(PDOException $ex) {
echo $ex->getMessage();
}
}
public function __construct($user) {
if($user){
$this->user = $user["username"];
$this->password = $user["password"];
}
}
}
?>
推薦答案
->execute() 用于準(zhǔn)備好的語(yǔ)句.例如
->execute() is for prepared statements. e.g.
$stmt = $dbh->prepare('some query here');
$stmt->execute();
您正在嘗試直接在主數(shù)據(jù)庫(kù)對(duì)象上執(zhí)行查詢.對(duì)于 PDO,這意味著
You're trying to execute a query directly on the main DB object. For PDO, that means
$dbh->exec('query goes here');
您真的應(yīng)該查看準(zhǔn)備好的語(yǔ)句.您很容易受到SQL 注入攻擊的影響,而且由于您一開(kāi)始使用的是 PDO,因此基本上是不可原諒的不要編寫(xiě)安全的查詢.
You really should look into prepared statements. You're vulnerable to SQL injection attacks as is, and since you're using PDO to begin with, it's basically unforgivable to NOT be writing safe queries.
這篇關(guān)于調(diào)用未定義的方法 PDO::execute()的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!
【網(wǎng)站聲明】本站部分內(nèi)容來(lái)源于互聯(lián)網(wǎng),旨在幫助大家更快的解決問(wèn)題,如果有圖片或者內(nèi)容侵犯了您的權(quán)益,請(qǐng)聯(lián)系我們刪除處理,感謝您的支持!