此代码用于使用身份验证,会话管理进行登录。错误来自第15行代码,这是致命错误:在非对象上调用成员函数bindParam()。我不明白我的错误在哪里。请帮我。
<?php
// Sanitize incoming username and password
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$pwd= md5($password);
// Connect to the MySQL server
$db = new mysqli("localhost", "root", "", "login");
// Determine whether an account exists matching this username and password
$stmt = $db->prepare("SELECT id FROM accounts WHERE username =$username and password =$pwd");
// Bind the input parameters to the prepared statement
// the error comes in this line
$stmt->bindParam('ss', $username, $pwd);
// Execute the query
$stmt->execute();
// Store the result so we `enter code here`can determine how many rows have been returned
$stmt->store_result();
if ($stmt->num_rows == 1) {
// Bind the returned user ID to the $id variable
$stmt->bind_result($id);
$stmt->fetch();
// Update the account's last_login column
$stmt = $db->prepare("UPDATE accounts SET last_login = NOW() WHERE id=$id");
$stmt->bind_param('d', $id);
$stmt->execute();
$_SESSION['username'] = $username;
// Redirect the user to the home page
header('Location: home.php');
}
?>
答案 0 :(得分:-1)
$stmt = $db->prepare("SELECT id FROM accounts WHERE username =$username and password=$pwd");
$stmt->bindParam('ss', $username, $pwd);
您正在绑定不存在的参数。您还尝试通过一次调用绑定两个参数。
Docs for the relevant function
示例(摘自php.net):
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
[编辑]
看起来这实际上是关于mysqli的。 Relevant doc
相关样本:
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);