我试图学习登录编码,在第一次尝试中它工作正常,但我意识到我可以使用userID登录和任何其他密码成功登录。
我尝试在第二次尝试中加强登录过程,但遇到下面的错误消息。我无法弄清楚我在哪里弄错了。
有$username& $passWD使用filter_has_var从登录表单中获取数据。它未在下面的代码中显示。
警告:mysqli_stmt_bind_result():绑定变量的数量与预准备语句中的字段数不匹配
第一次尝试:
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName']: null;
$passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd']: null;
include 'database_conn.php'; // make db connection
$sql = "SELECT passwordHash FROM users WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt); // execute the query
mysqli_stmt_bind_result($stmt, $passWDHash);
if (mysqli_stmt_fetch($stmt)) {
password_verify($passWD, $passWDHash);
echo "<p>Login successful</p>";
}
else {
echo "<p>Please try again.</p>";
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
第二次尝试:
<?php
$username = filter_has_var(INPUT_POST, 'userName') ? $_POST['userName']: null;
$passWD = filter_has_var(INPUT_POST, 'pwd') ? $_POST['pwd']: null;
include 'database_conn.php'; // make db connection
$sql = "SELECT * FROM users WHERE username = ? AND passwordHash =?";
$stmt = mysqli_prepare($conn, $sql); // prepare the sql statement
mysqli_stmt_bind_param($stmt, "ss", $username, $passWD);
mysqli_stmt_execute($stmt); // execute the query
mysqli_stmt_bind_result($stmt, $username, $passWDHash);
if (mysqli_stmt_fetch($stmt)) {
password_verify($passWD, $passWDHash);
echo "<p>Login successful</p>";
}
else {
echo "<p>Sorry please try again.</p>";
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
答案 0 :(得分:0)
不推荐使用通配符*。可能表中的列数多于您需要的2列?
maby类似于:SELECT username,passwordHash FROM users WHERE username = ? AND passwordHash =?