我正在尝试转换为mysqli,正如预期的那样,我遇到了困难。
我已经创建了一个如下的登录脚本,该脚本有效,我认为是正确的。 (我知道密码需要进行哈希处理,我只想先把它运行起来然后再运行)
// POST variables
$username = ($_POST['username']);
$password = ($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username required';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password required';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: logon.php");
exit();
}
//prepared statements
if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username='$username' AND password='$password'")) {
$stmt->execute();
/* bind variables to prepared statement */
$stmt->bind_result($user, $pass);
/* fetch values */
$stmt->fetch();
if ($user == $username && $pass == $password)
{
printf("Welcome %s", $user);
}
else
{
printf("Login failed");
}
/* close statement */
$stmt->close();
}
/* close connection */
$mysqli->close();
?>
如果登录通过,我想设置我的会话变量,之前使用mysqll我做了以下
$qry="SELECT * FROM auth WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
//Set session variables
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['ID'];
$_SESSION['SESS_USERNAME'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['fname'];
$_SESSION['SESS_PASSWORD'] = $member['password'];
$_SESSION['SESS_AUTH_LEVEL'] = $member['auth_level'];
session_write_close();
header("location: index");
exit();
}else {
//Login failed
$errmsg_arr[] = 'user name or password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: logon.php");
exit();
我认为我的问题是“$ member = mysql_fetch_assoc($ result);”我怎么在mysqli中这样做?由于我准备好的语句只绑定用户名和密码,之前我使用了SELECT * FROM
由于
答案 0 :(得分:0)
您基本上需要使用以下功能: $mysqli->query(string) , $mysqli_result->num_rows() 和 $mysqli_result->fetch_assoc()
您的代码可能如下所示:
$mysqli = new mysqli(...);
$qry = "SELECT * FROM auth WHERE username=? AND password=?";
$stmt = $mysqli->prepare($qry);
$stmt->bind_param('ss', $username, $password);
//Check whether the query was successful or not
if($stmt->execute()) {
$result = $stmt->get_result();
if($result->num_rows() > 0) {
session_regenerate_id();
$member = $result->fetch_assoc();
$_SESSION['SESS_MEMBER_ID'] = $member['ID'];
...
} else {
...
}
}
...
这里与您的问题没有直接关系,但您可能希望通过替换这两行来正确使用预准备语句:
if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username='$username' AND password='$password'")) {
$stmt->execute();
...
用这些:
if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username=? AND password=?")) {
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
...