PHP警告:mysqli_stmt :: bind_param():变量数量与预准备语句中的参数数量不匹配

时间:2014-10-27 06:18:41

标签: php mysql prepared-statement

我知道当你忘记占位符或其他等等时会抛出此错误。 我查了一些针对同一错误发布的其他问题,但我仍然不知道为什么这不起作用:

<?php

require_once 'includes/constants.php';

class Mysql {
private $connect;

function __construct() {
    $this->connect = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a problem connecting to the database.');
}

function verify_un_pwd($un, $pwd) {

    $query = "SELECT * FROM users WHERE username =? AND password =? LIMIT 1";

    if($stmt = $this->connect->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();

        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }
}
}

我使用md5作为密码。在db中都是varchar。我在这里缺少什么?

编辑1#已添加admin.php

<?php

require 'mysql.php';

class Admin  {

function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_creds = $mysql->verify_un_pwd($un, md5($pwd));

    if($ensure_creds) {
        $_SESSION['status'] = 'authorized';
        header("location: welcome.php");
    } else 
        return "Please enter a correct username and password.";

} 
}

编辑2#添加了login.php(抱歉)

<?php
session_start();
require_once 'classes/admin.php';
$admin = new Admin();

if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
$response = $admin->validate_user($_POST['username'], $_POST['pwd']);
}
?>


...
<div id="login">
<form method="post" action="">
    <h2>Login</h2>
    <h3><small>Enter your credentials</small></h3>
    <p>
        <label for="name">Username: </label>
        <input type="text" name="username"/>
    </p>
    <p>
        <label for="pwd">Password: </label>
        <input type="password" name="pwd"/>
    </p>
    <p>
        <input type="submit" id="submit" value="Login" name="submit"/>
    </p>
</form>
<?php if(isset($response)) echo "<h4 class='alert'> . $response . </h4>" ?>

</div>

0 个答案:

没有答案