我用php mysqli程序说明我的项目,然后我决定准备和绑定数据。我在创建一个基于角色的用户系统。以下是我在@ chris85。
的帮助下的注册码 <?php
session_start();
if(is_file('include/connection.php'))
include_once('include/connection.php');
else
exit('Database FILES MISSING:(');
if(isset($_POST['submit'])) {
$errors = array();
$data = array();
$name = $_POST['name'];
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$user_type = $_POST['user_type'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
$created_at = $_POST['created_at'];
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$created_at = date('Y-m-d');
if(!($stmt = $mysqli->prepare("INSERT INTO user (name, last_name, user_name, user_type, email, password, created_at)
VALUES (?,?,?,?,?,?,?)"))){
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if(!$stmt->bind_param('sssssss', $name, $last_name, $user_name, $user_type, $email, $password_hash, $created_at)){
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
}
if($stmt) {
$_SESSION['main_notice'] = "Successfully registered, login here!";
header('Location: index.php');
}
else{
echo "Registration failed";
}
}
$mysqli->close();
?>
<?php
//check for any errors
// if(isset($error)){
// foreach($error as $error){
// echo '<p style="color: red">'.$error.'</p>';
// }
// }
?>
<form name="register" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" onsubmit="return check()">
<table>
<tr>
<td>Name</td>
<td><input type="text" name="name" value='<?php echo ($name) ?>'></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="last_name" value='<?php echo ($last_name) ?>'></td>
</tr>
<tr>
<td>User Name</td>
<td><input type="text" name="user_name" value='<?php echo ($user_name) ?>'></td>
</tr>
<tr>
<td>User Type</td>
<td>
<select name="user_type" required>
<option value="member">Member</option>
<option value="leader">Leader</option>
</select>
</td>
</tr>
<tr>
<td>Email</td>
<td><input type="email" name="email" value='<?php echo ($email) ?>'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" id="password"></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="password" name="confirm_password" id="confirm_password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Register"></td>
<td><a href='index.php'>Login</a></td>
</tr>
</table>
</form>
</div>
<script>
// function check(){
// if(document.getElementById('password').value != document.getElementById('confirm_password').value ){
// alert('password not match');
// return false;
// }else{
// return true;
// }
// }
</script>
<?php
if(is_file('include/footer.php'))
include_once('include/footer.php');
?>
所以,现在我正在努力做同样的我的登录系统,包括stmt和bind。让kinder陷入如何执行角色部分的困境。下面是我的登录代码。
<?php
session_start();
if(isset($_SESSION['user_type']) && isset($_SESSION['user_id']))
{
header('Location: profile.php');
}
session_start();
if(is_file('include/connection.php'))
include_once('include/connection.php');
else
exit('Database FILES MISSING:(');
$username = $_POST['username'];
$password = $_POST['password'];
if(isset($_POST['submit'])){
if(!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = '$name' AND password = '$password' AND user_type = '$user_type'"))){
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if(!$stmt->bind_param('sss', $username, $password, $user_type)){
echo "Bind failed: (" . $stmt->errno . ")" . $stmt->error;
}
if(mysqli_num_rows($result)){
$row = mysqli_fetch_array($result);
$_SESSION['user_id'] = $row['id'];
$_SESSION['user_name'] = strtoupper($row['name']);
$user_type = strtolower($row['user_type']);
if(strtolower($user_type) == 'member'){
$_SESSION['user_type'] = 'member';
//header('Location: member-dashboard-home.php');
header('Location: profile.php');
}elseif(strtolower($user_type) == 'admin' || strtolower($user_type) == 'leader'){
$_SESSION['user_type'] = strtolower($user_type);
//header('Location: admin-dashboard-home.php');
header('Location: profile.php');
}
}else{
$_SESSION['main_notice'] = "Invalid login details!";
header('Location: '.$_SERVER['PHP_SELF']);exit();
}
}
}
$stmt->bind_result($username, $password);
$stmt->store_result();
if(password_verify($password, $row['password'])){
$_SESSION['user'] = $_POST['username'];
header('Location: restricted.php');
exit();
} else{
echo "Login Failed: (" . $stmt->errno .")" . $stmt->error;
}
$stmt->close();
}
$mysqli->close();
$_SESSION['main_title'] = "Login";
?>
道歉,如果我的代码无处不在。如果可以编辑我的代码或者只是解释在期间或错误的地方。
提前感谢。
答案 0 :(得分:2)
您有以下代码:
if (!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = '$name' AND password = '$password' AND user_type = '$user_type'")))
{
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
但是在准备好的陈述中,您需要在prepare中使用问号,而不是使用具体的变量名。
所以代码可能是这样的:
if (!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = ? AND password = ? AND user_type = ?")))
{
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
此外,您需要在$user_type之前定义变量bind_param。
在bind_param之后,您需要按$stmt->execute();
当您使用SELECT *
$stmt->bind_result($column_1, ..., $column_n);
通常,请查看mysqli预处理语句here的更多详细信息。
最后,我注意到你的代码中有一些语法错误。那里还有两个右括号。
}else{
$_SESSION['main_notice'] = "Invalid login details!";
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
}
} <= Delete this bracket
else{
echo "Login Failed: (" . $stmt->errno .")" . $stmt->error;
}
$stmt->close();
} <= Delete this bracket