参数化查询不将值传递给$ row数组

时间:2014-09-02 03:49:29

标签: php mysqli

这里的第一次海报。我有一个php登录脚本,但我的SQL查询不会将任何值传递给我的$ row数组。

<?php

require 'functions/security.php';
require('db/connection.php');

session_start();
if(isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($results = $db->query("SELECT userID, username, password 
                              FROM users
                              WHERE username = ?")){
        if($results->num_rows) {
            $results->bind_param('s', $username);
                $results->execute();
                    while($row = $results->fetch_row()) {
                        $userID = $row[0];
                        $dbUsername = $row[1];
                        $dbPassword = $row[2];
                    }
                    $results->free();
        }
    }


    if($username == $dbUsername && password_verify($password, $dbPassword)) {
                    $_SESSION['username'] = $username;
                    $_SESSION['userID'] = $userID;
                    header('Location: index.php');
    } else {
        echo "<h2>Oops!</h2>";
    }
}
?>

我一直在查看bind_param的文档;我对php很陌生,所以很可能我错过了一些愚蠢的东西,但我不能为我的生活弄清楚是什么。

EDIT 好的哎呀我没有拿到结果。这解决了这个问题。谢谢! 

<?php
    require('db/connection.php');
    session_start();
    //if(isset($_POST['username'])) {
        $username = "MYUSERNAMEFORTESTINGPURPOSES";
        $password = "MYPASSWORDFORTESTINGPURPOSES";


        $stmt=$db->stmt_init();
        $stmt->prepare("        SELECT userID, username, password 
                                FROM users
                                WHERE username = ?");
                    $stmt->bind_param('s', $username);
                    $stmt->execute();
                    $stmt->bind_result($userID, $dbUsername, $dbPassword);
                    //WOOPS WASNT FETCHING RESULT
                    while ($stmt->fetch()) {
                       printf("%s %s %s", $userID, $dbUsername, $dbPassword);
                   }

        if($username == $dbUsername && password_verify($password, $dbPassword)) {
                        $_SESSION['username'] = $username;
                        $_SESSION['userID'] = $userID;
                        header('Location: index.php');
        } else {
            echo "<h2>Oops!</h2>";
        }
    //}
    ?>

2 个答案:

答案 0 :(得分:1)

你不要queryexecute在一起。您的案例query应为prepare 

db->query("SELECT userID, username, password FROM users WHERE  username = ?");

应该是

$stmt =  $db->stmt_init();
$stmt->prepare("SELECT userID, username, password FROM users WHERE  username = ?");

<强> Manual

答案 1 :(得分:0)

stmt是使用连接prepare()查询时返回的对象。

$conn= $db->stmt_init();
$stmt= $conn->prepare("SELECT userID, username, password 
                      FROM users
                      WHERE username = ?"); 
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($userID, $dbUsername, $dbPassword);

if($stmt->fetch()) {//notice you dont need a loop for single row
   printf("%s %s %s", $userID, $dbUsername, $dbPassword);
}
...
相关问题
最新问题