我是他们试图使用mysqli :: bind_param失败的。在下面的代码中,函数login ( )在username页面上使用password和login.php进行调用。尽管已经阅读了所有的努力和指南和论坛,但仍然会返回相同的错误。
我尝试了
bind_param ( 's' , $ variable )
bind_param ( 1 , $ variable )
bind_param ( 'ss' , $ variable1 , $ variable2 )
我尝试了没有''
的查询"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"
我哪里错了?
public function login($_username, $_password) {
$this->sessionOpen ();
if ($_username == "") {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if ($_password == "") {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=trim(md5 ( $_username ));
$pass=trim(md5 ( $_password ));
$stmt->bind_param ( 1, $user);
$stmt->bind_param ( 2, $pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
apache日志中的错误是
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php
非常感谢所有
答案 0 :(得分:1)
修改是:
$ stmt-> bind_param(" ss",$ user,$ pass); 因为1个数据类型在bind_param()中没有定义。 bind_param()将采用两个参数第一个是查询中的类型(i,d,s,b)对应的数据类型(?),第二个arg是值。
建议是:
对于空字符串,不要与==进行比较,因为如果用户输入3个空格,则不会相等。使用empty()来检查空字符串。
不要调用不必要的方法,它没有任何意义,例如:在您的代码中,您在trim()之后调用md5()。 md5()不会返回任何空格字符。所以调用trim(md5($username))意味着更少。
尝试用我的代码替换您的代码,希望您的问题得到解决。
public function login($_username, $_password) {
$this->sessionOpen ();
if (empty($_username)) {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if (empty($_password)) {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss", $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
一旦你的问题得到解决,请告诉我。