PHP Prepared语句 - 无法从数据库中检索字符串

时间:2017-01-24 14:52:40

标签: php mysql

我对准备好的陈述仍然相当新,因为它引起了另一位用户的注意。我已经能够创建一个注册函数,正确地准备语句,绑定它然后执行它。它进入数据库就好了。但是,我不确定我是否理解登录部分的工作方式。我正在尝试获取一行,我一直得到的结果是“1”但不是行内的行+数据。有什么建议吗?

数据库: Picture of database

login.php(表单所在的位置)

<form id="loginform" class="form-horizontal" role="form" action="" method="post">

    <div style="margin-bottom: 25px" class="input-group">
        <span class="input-group-addon"><i class="glyphicon glyphicon-user"></i></span>
        <input id="login-username" type="text" class="form-control" name="Lusername" placeholder="Username or Email">                                        
    </div>

    <div style="margin-bottom: 25px" class="input-group">
        <span class="input-group-addon"><i class="glyphicon glyphicon-lock"></i></span>
        <input id="login-password" type="password" class="form-control" name="Lpassword" placeholder="Password">
   </div>

   <div class="input-group">
       <div class="checkbox">
           <label>
           <input id="login-remember" type="checkbox" name="remember" value="1"> Remember me
           </label>
       </div>
   </div>

   <div style="margin-top:10px" class="form-group">
   <!-- Button -->

       <div class="col-sm-12 controls">
       <button id="btn-login" type="submit" class="btn btn-success"><i class="icon-hand-right"></i>Submit</button>
       </div>
   </div>
</form>

脚本:

    <script type="text/javascript">
        $(function() {
            $("#loginform").bind('submit',function() {
                var username = $('#login-username').val();
                var password = $('#login-password').val();
                $.post('scripts/loginFunction.php',{username:username, password:password}, function(data){
                    $('#signupsuccess').show();
                }).fail(function(){{
                    $('#signupalert').show();
                }});
                return false;
            });
        });
    </script>

loginFunction.php 

<?php
require 'connection.php';
$username = $_POST['username'];
$password = $_POST['password'];

if($conn->connect_error){
    die("Connection failed: " . $conn->connect_error);
}

$stmt = $conn->prepare("SELECT `Username`, `Password` FROM `users` WHERE `Username` = ?");
$stmt->bind_param('s',$username);
$stmt->execute();
$stmt->store_result();
echo $stmt->num_rows;
/*if($stmt->num_rows == 1){
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    print_r($row);
    // here is where you could verify the password
    if(password_verify($password, $row['Password'])) {
        // good password
        echo 'all good!';
    }
} else {
    //echo "failed to find row";
}*/
?>

loginFunction.php,它可以正常工作并正确地查询数据库

require 'connection.php';
$username = $_POST['username'];
$password = $_POST['password'];

if($conn->connect_error){
    die("Connection failed: " . $conn->connect_error);
}
$query = "SELECT * FROM users WHERE username='$username'";
$result = $conn->query($query);
if($result->num_rows == 1){
    $row = mysqli_fetch_array($result);
    if(password_verify($password, $row['Password'])){
        echo "Login successful!";
    }
    else{
        echo "Login failed.";
    }
}

编辑:这是您应该使用的代码。请注意$stmt如何贯穿始终:

$stmt = $conn->prepare("SELECT `Username`, `Password` FROM `users` WHERE `Username` = ?");
$stmt->bind_param('s',$username);
$stmt->execute();
$stmt->store_result();
echo $stmt->num_rows;
/*if($stmt->num_rows == 1){
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    print_r($row);
    // here is where you could verify the password
    if(password_verify($password, $row['Password'])) {
        // good password
        echo 'all good!';
    }
} else {
    //echo "failed to find row";
}*/

1 个答案:

答案 0 :(得分:0)

我已经解决了这个问题。当我去抓取时,我需要将它存储在一个单独的变量中,而不是用户存储输入密码的变量。这可以反映在下面的代码中:

<?php
require 'connection.php';
$username = $_POST['username'];
$password = $_POST['password'];
$dbusername = ""; //These two being the new variables
$dbpassword = "";

if($conn->connect_error){
    die("Connection failed: " . $conn->connect_error);
}

$stmt = $conn->prepare("SELECT Username, Password FROM users WHERE Username = ?;");
$stmt->bind_param('s', $username);
$stmt->execute();
if($stmt->execute() == true){
    $stmt->bind_result($dbusername, $dbpassword);
    $stmt->fetch();
    if(password_verify($password, $dbpassword)) {
        echo 'successful';
    }
    else{
        echo 'failed';
    }
}
else{
    echo 'failed';
}

?>
相关问题
最新问题