我再一次,更多的问题,我真的找不到原因。
以下代码产生:“Issue”表示第一个IF语句为false,应为true。
PHP:
function login($email, $password, $mysqli) {
//Use prepared statements to stop SQL Injection
if ($stmt = $mysqli->prepare("SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT = 1")) {
$stmt->bind_param('s', $email); //Bind "$email" to paramater
$stmt->execute(); //Execute the query
$stmt->store_result();
$stmt->bind_result($user_id, $email, $db_password, $salt, $perms); //get variables from result
$stmt->fetch();
$password = hash('sha512', $password.$salt); //hash the password with the unique salt
if ($stmt->num_rows == 1) { //If user exists
//Check that user account isn't locked
if (checkbrute($user_id, $mysqli) == true) {
//Account is locked, alert user
return false;
} else {
if ($db_password == $password) { //Check that passwords match
//matches
echo "matches";
}
}
} else {
echo "No user found!";
}
} else {
echo "Issue";
}
}
$ email和$ password不为空,$ mysqli是数据库对象。有任何想法吗? 我根本想不通,一切看起来都不错。
答案 0 :(得分:3)
您应该添加mysql错误报告。它会告诉您LIMIT = 1附近的查询中存在问题。
查询应该是:
SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT 1
要添加错误报告,请将echo "issue";更改为:
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
答案 1 :(得分:3)
Limit = 1应为LIMIT 1。这是if更正的内容:
if ($stmt = $mysqli->prepare("SELECT id, email, password, salt, perms FROM users WHERE email = ? LIMIT 1"))