我可以获得正常的mysqli查询,但我最近尝试使用预准备语句来阻止sql注入。一切似乎工作正常,除了从数据库中选择行后,我无法执行更新操作。 (请参阅代码中的注释以更好地理解我的问题。)
$username=$_POST["username"];
$password=md5($_POST["password"]);
$remember=$_POST["remember"];
$stmt = $conn->stmt_init();
$sql = 'SELECT `uid` FROM `users` WHERE `username` = ? AND `password` = ?';
if($stmt->prepare($sql)){
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->bind_result($uid);
$stmt->store_result();
if($stmt->num_rows == 1){
if($stmt->fetch()){
$last_log=time();
$log_hash=md5($last_log);
/*
Everything works till here, but the following update query not executing i.e., else is always executed
*/
$sql = "UPDATE `users` SET `log_hash` = '$log_hash' AND `last_log` = '$last_log' WHERE `uid` = '$uid'";
if(mysqli_query($conn,$sql)){
if($remember=="true"){
setcookie("hash", $log_hash,time()+60*60*24*7);
setcookie("uid", $uid,time()+60*60*24*7);
}
else
{
setcookie("hash", $log_hash);
setcookie("uid", $uid);
}
$response["msg"]="Login Successful";
$response["code"]="LOGIN_SUC";
}
else
{
$response["msg"]="Unable To Login";
$response["code"]="LOGIN_ERR_3";
}
}
}
else
{
$response["msg"]="Invalid Credentials";
$response["code"]="LOGIN_ERR_2";
}
}
else
{
$response["msg"]="Unable to Handle Database";
$response["code"]="LOGIN_ERR_1";
}
没关系,问题出在更新语句中。并非必需!