有人可以解释为什么这会给我500个内部服务器错误吗?我尝试添加一些sql注入保护,我不知道我做错了什么。我应该以面向对象的方式而不是程序化的方式来做这个吗?
<?php
$conn = mysqli_connect($host, $user, $pwd)or die("Error connecting to database.");
mysqli_select_db($conn, $db) or die("Couldn't select the database.");
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = mysqli_stmt_init($conn);
$query = "SELECT * FROM Users WHERE email=? AND password=?";
mysqli_stmt_prepare($stmt, $query) or die("Failed to prepare statement.");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);
if($count == 1){
//Log in successful
}
else {
//Wrong Username or Password
}
mysqli_close($conn);
?>
答案 0 :(得分:0)
mysqli_stmt_get_result在PHP 5.3中可用,但我运行的是5.1。此外,必须安装mysqlnd驱动程序才能使此调用生效。