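mysqli query and sessions

Time: 2013-11-21 02:58:33

Tags: php session mysqli

This is meant to help me see what the query is pulling.

It should tell me the values of the query and print them out.

It isn't pulling the userid for some reason, and instead says 0 or null.

Prints: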

string(0) "" NULL string(11) "pwdhere" The userid is 0 and the password is pwdhere----oooo set as oooo----6179cbcdc21dd1b3c478e7e2226e0432    

Should the session be these 32 characters or the userid/username?

Why isn't it pulling the userid?

How come it works when the password is wrong?

Thanks!!!

<?php
    //Store the login in the session:
    session_start();

?>
<?php

    include ("connectionlinkhere.php");

    //connection errors if any...

    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }

    //GETTING DATA FROM FORM

    $userid = htmlentities($_POST['userid'], ENT_QUOTES);
    $password = htmlentities($_POST['password'], ENT_QUOTES);

    //create a prepared statement

    if ($stmt = $mysqli->prepare("SELECT userid, username, password FROM admins WHERE userid=? and password=?"))
    {
        // bind parameters-define them...the -iss- is for integer, string, string
        $stmt->bind_param("iss", $userid, $username, $password);

        //execute...
        $stmt->execute();

        // bind result variables
        $stmt->bind_result($userid, $username, $password);

        //fetch value
        $stmt->fetch();

        //to see what the database query is actually pulling
        var_dump($userid, $username, $password);

        //tell it to format the query results and then print the sentence
        $format = 'The userid is %d and the password is %s';
        echo sprintf($format, $userid, $password);

        //set session
        $_SESSION['userid'] = $_POST['username'];

        //just to break up the line
        echo "----oooo set as oooo----" ;
        //this is the 32 digit session value, although assigned as userid or username
        echo session_id();

        /* close statement */
        $stmt->close();
    }
    // redirect the user
    //header("Location: index.php");
    else
    {
        echo "what are you doing...";
    }

    /* close connection */
    $mysqli->close();
?>

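1 answer:

Answer 0: (score: 0)

You use bind_param() to replace the ? in the query with what you are looking for. You use bind_result() to get the data out of the query (which you have done correctly from what I can see). Put the data you want to search for in bind_param() to replace the ?

Was writing a comment and then realized this could be the problem... Thanks @EdCottrell.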
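
A corrected login handler, as an added example that is not part of the original question or answer: it passes bind_param() only the value for the ? placeholder, checks the result of fetch() before touching the session, and stores the userid from the database row in $_SESSION. It assumes connectionlinkhere.php defines $mysqli as in the question and that admins.password holds a password_hash() value; the helper name find_admin is hypothetical.

```php
<?php
// Added example, not the original poster's code. Assumptions: connectionlinkhere.php
// defines $mysqli, and admins.password holds a password_hash() value.
declare(strict_types=1);

session_start();
include "connectionlinkhere.php";

/**
 * Look up one admin row by id. Returns the row, or null when no row matches.
 * Only the value for the single "?" placeholder is passed to bind_param().
 */
function find_admin(mysqli $mysqli, int $userid): ?array
{
    $stmt = $mysqli->prepare("SELECT userid, username, password FROM admins WHERE userid = ?");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $mysqli->error);
    }
    $stmt->bind_param("i", $userid);            // one "?" => one type letter, one variable
    $stmt->execute();
    $stmt->bind_result($dbUserid, $dbUsername, $dbHash); // separate output variables
    $found = $stmt->fetch();                    // true = row, null = no row, false = error
    $stmt->close();
    return $found === true
        ? ['userid' => $dbUserid, 'username' => $dbUsername, 'hash' => $dbHash]
        : null;
}

// Raw form values: the prepared statement handles quoting, so no htmlentities() here.
$userid   = filter_input(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
$password = (string) ($_POST['password'] ?? '');

$admin = is_int($userid) ? find_admin($mysqli, $userid) : null;

if ($admin !== null && password_verify($password, $admin['hash'])) {
    session_regenerate_id(true);                // new session id after login
    $_SESSION['userid']   = $admin['userid'];   // values from the database row,
    $_SESSION['username'] = $admin['username']; // not from $_POST
    echo "Logged in";
} else {
    echo "Invalid userid or password";          // same message for both failures
}

$mysqli->close();
```

session_id() returns the identifier of the session itself; the logged-in user's id is whatever the script stores in $_SESSION.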