PHP error: Call to a member function rowCount() on a non-object

后端 未结 3 1687
栀梦
栀梦 2021-01-16 20:20

I\'m working on web app that require a login page, everything work fine but i noticed that when a user try to connect and his password contain caracter he can\'t and an ugly

3条回答
  •  伪装坚强ぢ
    2021-01-16 20:51

    It's not safe to pass parameters to a query like the way you did. The problem you encountered might be caused by some unsafe characters. You might need to escape it.

    Your implementation is wide open to SQL Injection. Use prepared statement instead. It's safer and will save you from problems such as this.

    And one more thing, I notice that you are trying to search $_GET['password'] inside your database directly. Where I can conclude that you store the password inside your database without any hashing or encryption. You might want to reconsider that.

提交回复
热议问题