我一直在尝试在将查询发送到数据库之前准备一个查询,但它没有从数据库中取出任何内容。它告诉我user / pass组合不正确。 (当它是正确的时),这必须意味着它有来自数据库的0行。任何人都可以告诉我如何解决这个问题吗?
/* Create a prepared statement */
$stmt = mysqli_stmt_init($con);
mysqli_stmt_prepare($stmt, "SELECT * FROM users WHERE username = ? AND userpass = ?");
/* Bind parameters
s - string, b - blob, i - int, etc */
mysqli_stmt_bind_param($stmt, "ss", $username, $userpass);
/* Execute it */
mysqli_stmt_execute($stmt);
/* Bind results */
mysqli_stmt_bind_result($stmt, $username, $userpass);
/* Fetch the value */
mysqli_stmt_fetch($stmt);
/* close statement */
mysqli_stmt_close($stmt);
/* $result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass'"); */
if(!$stmt)
{
//something went wrong, display the error
echo '<ul class="ulstylecenter">
<li>Something went wrong while signing in. Please try again later.</li>
<li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>.</li>
</ul>';
header('Refresh: 5;url=/home.php');
//echo mysqli_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysqli_num_rows($stmt) == 0)
{
echo '<ul class="ulstylecenter">
<li>You have supplied a wrong user/password combination. Please try again.</li></ul>';
echo '<form method="post" action="">
<table>
<tr>
<th><label for="username" class="signinlabel">Username:</label></th>
<td><input type="text" name="username" value="';
if(isset($username)){ echo $username; }
echo '" class="signininput"></td>
</tr>
<tr>
<th><label for="userpass" class="signinlabel">Password:</label></th>
<td><input type="password" name="userpass" class="signininput"></td>
</tr>
</table>
<ul class="forgotsignin"><li><a href="#">Forgot your username or password?</a></li></ul>
<input type="submit" value="Sign In" class="signinbutton" id="signinbuttonid">
</form>';
}
else
{
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysqli_fetch_assoc($stmt))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['username'] = $row['username'];
$_SESSION['useremail'] = $row['useremail'];
$_SESSION['userdate'] = $row['userdate'];
}
echo '<ul class="ulstylecenter">
<li>Succesfully logged in.</li>
<li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>.
</li></ul>';
header('Refresh: 5;url=/home.php');
}
答案 0 :(得分:1)
代码中存在很多缺陷。只有其中一些:
您需要添加mysqli_stmt_bind_result参数变量,这些变量将代表表users的所有列。例如,如果您有表字段:
id username password email date
您的mysqli_stmt_bind_result电话应如下所示:
mysqli_stmt_bind_result($stmt, $id, $username, $userpass, $email, $date);
因为查询包含SELECT *。
请勿在{{1}}之后检查if (!$stmt)。
如果您已经有mysqli_stmt_close($stmt);和$username值,则无法再从数据库中检索它们......
强烈建议仔细阅读整个mysqli documendation。
我认为你的代码应该是这样的(如果你更喜欢程序化的mysqli风格):
$userpass答案 1 :(得分:0)
使用var_dump()检查变量,然后在这行之后尝试设置变量$ username和$ userpass :
mysqli_stmt_bind_result($stmt, $username, $userpass);