为什么我的准备声明不起作用?

时间:2017-08-19 23:08:46

标签: php html mysql

出于某种原因,我的prepare语句似乎没有返回任何行或登录,但我确定输入的密码和用户名是正确的;当没有使用prepare语句运行代码时,系统会登录。有人会碰巧知道为什么我的prepare语句不起作用,或者我是否应该使用其他方法?

<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
    <title>Logged in</title>
</head>
<body>
    <?php

        $user=$_GET["username"];
        $pass=$_GET["password"];


        $servername="localhost";
        $username="root";
        $password="";
        $dbName="db_artzytest";

        $conn=new mysqli($servername, $username, $password, $dbName);

        if($conn->connect_error){
            echo $conn->connect_error;
            die("connection to server not found");
        }else{
            echo "connection established";
        }
        ///finds account with matching login info
        $sql="SELECT * FROM db_users WHERE username='{$user}' AND password='{$pass}' ";


        $sql="SELECT * FROM db_users WHERE username = ? AND password = ?";


        try{
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("ss", $user, $pass);
            $stmt->execute();
      }catch(Exception $e){
          die("prepare failed: " . $e);
      }
        echo 'here';
        //$result = $stmt->store_result();

        printf("Number of rows: %d. \n", $stmt->num_rows);

        //$result=$conn->query($sql);   
        echo 'here';
        if( mysqli_num_rows($result) > 0 ){

            while($row=mysqli_fetch_assoc($result)){
                //only logs in if the account is activated
                if($row["isActivated"]==1){

                    $_SESSION["currentUser"]=$user;
                    $_SESSION["currentId"]=$row["id"];
                    $_SESSION["currentPass"]=$pass;

                    //header( 'Location: ../ProfilePage/profilePage.php' );
                    header( 'Location: ../Content/displayGroup.php?group=general' );
                }else{
                    $_SESSION["m_Login"]="Unverified Account. Check your email to verify.";
                    header('Location: Login.php');
                }
            }
            /*
            $sql=" SELECT * FROM table_images WHERE userid = {$_SESSION["currentId"]} ";

            $result=$conn->query($sql);

            if(mysqli_num_rows($result) > 0){
                while($row=mysqli_fetch_assoc($result)){
                    echo "<img style='height: 10vh; width: 10vw;' src='../../images/{$row["id"]}.jpg' />";
                    echo "{$row["imageName"]}</br>";
                }
            }
            */

        }else{
            $_SESSION["m_Login"]="password or username incorrect {$user} {$pass}"  . var_dump(mysqli_stmt_get_result($stmt) );
            header('Location: Login.php');
            echo "no user found";
        }

    ?>
</body>
</html>

1 个答案:

答案 0 :(得分:0)

你正在混合OO和procdeural所以我将假设这是导致你的代码无法按预期执行的原因。

文档说明:

  

仅程序样式:mysqli_query(),mysqli_store_result()或mysqli_use_result()返回的结果集标识符。

更改,

if( mysqli_num_rows($result) > 0 ){

要,

if($stmt->num_rows($result) > 0 ) {

这应解决问题。