不推荐使用:mysql_real_escape_string

时间:2016-01-07 19:39:46

标签: php mysqli login

我已更改登录表单,并尝试将其转换为MySQLI。但我得到以下错误。任何人都可以看到有什么问题吗?我在php编程方面还不是很好,所以请跟我一起:))

 <?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else{

// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
echo $username; 
echo $password;

/*
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
*/

// Selecting Database
include 'dbconfic.inc.php';

// her bruger jeg mysqli prepared statement:
    // '?' er placeholders for variabler
    $stmt = $mysqli->prepare("SELECT username FROM login WHERE password= ? AND username= ?;");
    // binder varialber til placeholders:
    // 's' er string, 1 for hver placeholder, her er der 1:
    $stmt->bind_param('ss', $password, $username);   // bind var til parameter

    // execute prepared statement 
    $stmt->execute();
     $stmt->store_result();
    $usern = null;  
    /* bind result variabler */
    $stmt->bind_result($usern);
    // antal returnerede rækker:
    $rows = $stmt->num_rows;
    echo $rows;
    /* fetch values for hver row, her kun 1 row dog: */
     while ($stmt->fetch()) {
           $username = $usern;
     }  
    echo $username;
    // luk statement                        
    $stmt->close();

    // luk connection
    $mysqli->close();       



if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
}
}
?>

错误: 警告:无法修改标题信息 - 已在第62行的/Applications/MAMP/htdocs/roulette/login.php中发送的标题(输出从/Applications/MAMP/htdocs/project/login.php:17开始)

警告:无法修改标头信息 - 已在第5行的/Applications/MAMP/htdocs/roulette/index.php中发送的标头(输出从/Applications/MAMP/htdocs/project/login.php:17开始)< / p>

我在dbconfig中的连接如下所示:

<?php
    $db_host = "localhost";
    $db_user = "root";
    $db_pass = "root";
    $db_name  = "project_db";
    // connection:
    $mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
    // tjek conenction:
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
    }

    // vi kører utf-8 på connection:
    $mysqli->set_charset("utf8");   
?>

我不太确定修改标头的含义是什么意思?

0 个答案:

没有答案