处理没有从准备好的select语句返回的结果

时间:2014-10-28 14:01:08

标签: php mysql prepared-statement

我正在尝试建立一个基本的登录系统。用户输入用户名+密码,然后发布并在以下代码中使用:

if(isset($_POST['submit'])) {


$sql = "SELECT username, password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);

if(!$stmt) {
    die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}


$username = $_POST['username'];
$password = $_POST['password'];

var_dump($username);
var_dump($password);


$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
    echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}

$execute_result = $stmt->execute();
if(!$execute_result) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

$stmt->bind_result($returned_username, $returned_password);

while($stmt->fetch()) {

    var_dump($returned_username);
    var_dump($returned_password);


    if($username === $returned_username && $password === $returned_password) {
        echo "You are now logged in!";
    } else {
        echo "Incorrect username or password";
    }
}

如果我输入正确的用户名和密码,一切正常,并且正确登录。当我使用错误的密码或不在数据库中的用户名输入错误信息时,问题就开始出现了。 “不正确的用户名或密码”行根本没有用过。

我是使用预准备语句的新手,但到目前为止我对它的理解是,一旦我绑定结果,我只能使用fetch在while循环中访问它们。但是,如果没有找到结果,那么该循环将永远不会运行,因此我无法测试查询是否找到任何结果。我可能在这里遗漏了一些明显的东西,但我整个上午一直试图解决这个问题,这让我感到疯狂。

3 个答案:

答案 0 :(得分:1)

我建议你,像这样使用它:

if (isset($_POST['submit'])) {
    //Checking, is a user exists with these credentials?
    $sql = "SELECT COUNT(*) AS cnt FROM tbl_users WHERE username = ? AND password = ?";
    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
    }
    $bind_result = $stmt->bind_param("ss", $_POST['username'], $_POST['password']);
    if (!$bind_result) {
        echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    $execute_result = $stmt->execute();
    if (!$execute_result) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    $stmt->bind_result($cnt);
    $stmt->fetch();
    if ($cnt > 0) {
        echo "You are now logged in!";
    } else {
        echo "Incorrect username or password";
    }
}   

答案 1 :(得分:0)

如果你得到任何结果测试怎么样,如果你没有抛出错误:

if($stmt->fetch())
{
   do {

        var_dump($returned_username);
        var_dump($returned_password);


        if($username === $returned_username && $password === $returned_password) {
            echo "You are now logged in!";
        } else {
            echo "Incorrect username or password";
        }
    } while($stmt->fetch());
}
else
{
    echo "Incorrect username or password";
} 

答案 2 :(得分:0)

您遇到的问题基于代码中实现的逻辑。如果没有用户从数据库中检索,那么检查正确用户名和密码的代码永远不会运行,只需更改代码中的几行就可以解决这个问题,试试这个:

//this is your code at the moment

while($stmt->fetch()) {

    var_dump($returned_username);
    var_dump($returned_password);


    if($username === $returned_username && $password === $returned_password) {
        echo "You are now logged in!";
    } else {
        echo "Incorrect username or password";
    }
}

//replace that for this

while($stmt->fetch()) {

    var_dump($returned_username);
    var_dump($returned_password);

}

if($username === $returned_username && $password === $returned_password) {
    echo "You are now logged in!";
} else {
    echo "Incorrect username or password";
}

希望能帮助您解决问题,快乐编码。