$stmt = $con->prepare("SELECT * FROM admin WHERE email = ? AND password = ? ");
$stmt->bind_param('ss', $_POST['username'], $_POST['password']);
$result = $stmt->execute();
$stmt->store_result();
if ($result->num_rows > 0) {
while ($member = $result->fetch_assoc()) {
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['SESS_LAST_NAME'] = $member['email'];
$_SESSION['SESS_FIRST_NAME'] = $member['password'];
session_write_close();
header("location:home.php");
}
} else {
$errmsg_arr[] = 'Wrong Username or Password';
$errflag = true;
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
}
}
html表格:
<form role="form" action="action.php" method="post" enctype="multipart/form-data">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="User Name" name="username" type="text" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<input type="submit" value="Log In" name="submit" class="btn btn-lg btn-success btn-block">
</fieldset>
</form>
此代码无法重定向到home.php ..它显示错误的用户名或密码.. mysqli准备语句的新内容。所以这里有任何帮助
答案 0 :(得分:1)
我正在阅读http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
似乎这是获得它的正确方法:
$stmt = $con->prepare("SELECT * FROM admin WHERE email = ? AND password = ? ");
$stmt->bind_param('ss', $_POST['username'], $_POST['password']);
$stmt->execute();
$result = $stmt->get_result();
另外,This page sais:
执行:成功时返回TRUE,失败时返回FALSE。
执行不会返回结果,而是返回布尔值。