我有这个登录代码:
$con = new mysqli($host, $user, $password, $database);
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, password FROM user WHERE username=? AND password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
$result=$con->query($stmt);
$row=$result->fetch_array(MYSQLI_ASSOC);
$status = $row['status'];
if($status=='d') {
echo "YOUR account has been DEACTIVATED.";
} else {
$_SESSION['Logged'] = 1;
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
echo 'Success!';
exit();
}
}
else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->close();
}
else
{
}
$con->close();
当按下登录按钮时显示此错误:
Warning: mysqli::query() expects parameter 1 to be string, object given in /nginx/html/user/demo/login.php on line 93
Fatal error: Call to a member function fetch_array() on a non-object in /nginx/html/user/demo/login.php on line 94
有这些错误的行:
第93行是:$ result = $ con> query($ stmt);
第94行是$ row = $ result-> fetch_array(MYSQLI_ASSOC);
答案 0 :(得分:-1)
当您使用预准备语句时,不要致电query或fetch_array。您调用fetch,并将结果放入与bind_result绑定的变量中。
您还引用了未在SELECT子句中列出的值。
$con = new mysqli($host, $user, $password, $database);
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, status, user_id FROM user WHERE username=? AND password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $status, $user_id);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
$stmt->fetch();
if($status=='d'){
echo "YOUR account has been DEACTIVATED.";
}else{
$_SESSION['Logged'] = 1;
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
echo 'Success!';
exit();
}
}
else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->close();
}
else
{
}
$con->close();