我是MySQL的新手。我创建了一个登录页面,它将运行PHP来查询数据库。
我想制作一个准备好的语句来防止SQL注入,但它不起作用。 $ result给了我0.
的cgi-bin /的welcome.php
<?php
$email= $_POST["email"];
$pwd = $_POST["password"];
$dbh=mysqli_connect("localhost",
"zzengnin",<password>,"zzengnin_wheel")
or die ('Database is not able to connect');
$qry= "SELECT email FROM Info WHERE email=? AND pw=?";
if ($stmt = mysqli_prepare($link, $qry)) {
mysqli_stmt_bind_param($stmt, "ss", $email, $pwd);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $result);
mysqli_stmt_fetch($stmt);
printf("result email is %s\n", $result);
}
if(mysqli_num_rows($result)>0)
{
echo "Welcome! '$email', you are officially logged in! ";
}
else{
echo "Your Email or Password is WRONG!!!!";
echo $result + " result";
}
mysqli_stmt_close($stmt);
mysqli_close($dbh);
?>
这是login.php
的形式<!DOCTYPE html>
<head><title>Wheel Sharing</title>
<link rel = "stylesheet" type = "text/css" href = "CSS/style.css">
</head>
<body>
<h1>Log in</h1>
<form action="cgi-bin/welcome.php" method="post">
Email: <input name="email" type="text" size="20"/>
<br/>
Password: <input name="password" type="password" >
<br/>
<input type="submit" value="Login"/> <input type="reset" value="Reset"/>
</form>
</body>
</html>
所有帮助表示赞赏:)
答案 0 :(得分:1)
改变这个:
mysqli_stmt_execute($stmt);
对此:
$result = mysqli_stmt_execute($stmt);