我仍然遇到绑定参数的一些问题。
我创建了一个简单的密码哈希检查,现在我尝试使用有界参数来阻止sql注入。
这是原作:
$sql = "SELECT * FROM users WHERE Email='{$_POST['Email']}'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_assoc($result);
$hash_pwd = $row['Password'];
$hash = password_verify($_POST['Password'], $hash_pwd);
这是我尝试绑定参数:
$result = $db->prepare("SELECT * FROM users WHERE Email= ?");
$result->bind_param("s", $_POST['Email']);
$result->execute();
$result->store_result();
$row = $result->fetch_assoc();
$hash_pwd = $row['Password'];
//hash checks password
$hash = password_verify($_POST['Password'], $hash_pwd);
后者返回"调用未定义的方法mysqli_stmt :: fetch_assoc()"
答案 0 :(得分:1)
mysqli_stmt类没有方法fetch_assoc(),只有fetch()。
例如:
$stmt = $db->prepare("SELECT * FROM users WHERE Email= ?");
$stmt->bind_param("s", $_POST['Email']);
// bind_result() method takes references to variables for storing a results.
$stmt->bind_result($password);
// fetch() return true, false or null
$return = $result->fetch();
if ($return) {
echo $password; // Contains a value of first column
}
fetch_assoc是mysqli_result类的方法:
$stmt = $db->prepare("SELECT * FROM users WHERE Email= ?");
$stmt->bind_param("s", $_POST['Email']);
$stmt->execute();
// Get the instance of mysqli_result:
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row) {
echo $row['password'];
}