Mysqli导致登录表单根本不起作用

时间:2012-06-11 15:13:11

标签: php mysqli

我的登录表单有点问题。我认为问题是mysqli代码,因为当代码是旧的mysql代码时,登录工作正常,但由于我将其更改为mysqli,它还没有完全正常工作。

假设用户将在登录表单中输入用户名和密码,当用户点击“登录”按钮时,如果用户名和密码正确,则会在数据库中检查。如果正确则导航到menu.php页面如果登录不正确,则显示一条消息,说明登录不正确,请重试。

相反,下面的代码是当用户输入他们的用户名和密码并点击“登录”按钮时,无论用户名和密码是否正确,它只是刷新来自,它不会导航到menu.php页面或显示登录不正确的消息。

所以我的问题是,为什么会发生这种情况,为什么登录后不导航用户或显示错误的登录信息?

代码更新以显示当前代码:

<?php

ini_set('display_errors',1); 
 error_reporting(E_ALL);

    // PHP code
    session_start(); 

    $username="xxx";
    $password="xxx";
    $database="mobile_app";

    $mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");

    foreach (array('teacherusername','teacherpassword') as $varname) {
            $$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
          }

    // move this outside the condiitonal
    $loged = false;

    if (isset($_POST['submit'])) {

    $query = $mysqli->prepare("
    SELECT * FROM Teacher t  
    WHERE 
    (t.TeacherUsername=?)
    AND
    (t.TeacherPassword=?)
    ");

   $stmt=$mysqli->prepare($query);
   $stmt->bind_param("s",$teacherusername);
   $stmt->bind_param("s",$teacherpassword);

   $stmt->execute(); 

   $stmt->bind_result($TeacherId,$TeacherForename,$TeacherSurname,$TeacherUsername,$TeacherPassword);

    while($row=$stmt->fetch())
      {

          if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
          {
              $loged = true;
          }

$_SESSION['teacherforename'] = $row['TeacherForename'];
$_SESSION['teachersurname'] = $row['TeacherSurname'];
$_SESSION['teacherusername'] = $row['TeacherUsername'];

      }

      if ($loged == true){
      header( 'Location: menu.php' ) ;
    }
    }

     ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Teacher Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="LoginStyle.css">
</head>
<body>
<?php if ($loged == false && $_POST) {
  echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
  }
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
    <p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
    <p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
    <p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
    </form>

</body>
</html>

更新:

我已经开启了错误报告,并且上面的代码是我从其中一个答案中检索到的,它给了我一个警告和一个致命的错误,如下所示:

Warning: mysqli::prepare() expects parameter 1 to be string, object given in /web/stud/xxx/Mobile_app/teacherlogin.php on line 33

Fatal error: Call to a member function bind_param() on a non-object in /web/stud/xxx/Mobile_app/teacherlogin.php on line 34

这些意味着什么,有没有人有任何想法如何解决它们?我更新了上面的代码以显示当前代码。

2 个答案:

答案 0 :(得分:1)

更新/编辑:

继续你的评论之后,我又看了一下你的mysqli代码并注意到你犯了一些错误(多个prepare和bind_result语句以及其他一些东西)。我已经更新了以下代码,该代码已经做了一些改进/应该解决您的问题。我对你的数据库模式我不太确定,但实际上更好地说明你想要的列而不是使用(*)就像你将来添加另一个列并且不更新代码一样,它会破坏你的mysqli语句,因为bind_result将与您的查询不匹配。 

<?php
  // PHP code
  session_start(); 

  $username="xxx";
  $password="xxx";
  $database="mobile_app";

  $mysqli = new mysqli("localhost", $username, $password, $database);

  /* check connection */
  if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    die();
  }

  // required variables (make them explciit no need for foreach loop)
  $teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
  $teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
  $loggedIn = false;

  if (isset($_POST['submit'])) {

    // don't use $mysqli->prepare here
    $query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("ss",$teacherusername,$teacherpassword);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbTeacherId,$dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);

    while($stmt->fetch()) {
      if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
        $loggedIn = true;
      }
    }

    /* close statement */
    $stmt->close();

    /* close connection */
    $mysqli->close();

    if ($loggedIn == true){
      // left your session code as is - but think wisely about using
      // the Username as a session variable (security risk)
      $_SESSION['teacherforename'] = $dbTeacherForename;
      $_SESSION['teachersurname'] = $dbTeacherSurname;
      $_SESSION['teacherusername'] = $dbTeacherUsername;
      header( 'Location: menu.php' ) ;
      die();
    }
  }
?>
<html>
<head></head>
<body>
  <?php if ($loggedIn == false && $_POST) {
    echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
    }
  ?>
  <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
  <p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
  <p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
  <p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
  </form>
</body>
</html>

更新/修改 要注意我已经更改了这个文本,因为现在我已经重写了大部分代码。如果上述方法不起作用(如您仍然遇到mysqli错误),则表示您的Teacher表有超过5列。

一个重要的FYI是$ mysqli-&gt; prepare和$ stmt-&gt; bind_result语句之间的连接,这些语句需要根据所选列的数量进行匹配。您可以在bind_result中为变量命名,但是变量的数量需要与您在SELECT语句中选择的列数相匹配,因此为什么明确命名列总是优于(*)。

答案 1 :(得分:0)

您需要移动HTML。在html之后,您有输入表单的IF。如果如下所示,将html添加到其他地方:      

session_start(); 

$username="xxx";
$password="xxx";
$database="mobile_app";

$mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");

foreach (array('teacherusername','teacherpassword') as $varname) {
        $$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
      }

if (isset($_POST['submit'])) {

$query = $mysqli->prepare("
SELECT * FROM Teacher t  
WHERE 
(t.TeacherUsername=?)
AND
(t.TeacherPassword=?)
");

$loged = false;

$stmt=$mysqli->prepare($query);
$stmt->bind_param("s",$teacherusername);
$stmt->bind_param("s",$teacherpassword);

$stmt->execute(); 



$stmt->bind_result($TeacherId,$TeacherForename,
                    $TeacherSurname,$TeacherUsername,$TeacherPassword);

while($row=$stmt->fetch())
  {

      if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
      {
          $loged = true;
      }

   $_SESSION['teacherforename'] = $row['TeacherForename'];
   $_SESSION['teachersurname'] = $row['TeacherSurname'];
   $_SESSION['teacherusername'] = $row['TeacherUsername'];

  }

  if ($loged == true){
  header( 'Location: menu.php' ) ;
}else{
  echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}


}else{
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
<p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
<?php
}
 ?>
相关问题
最新问题