Mysqli_prepare无法正常工作

时间:2017-11-23 15:28:34

标签: php

解决这个问题可以让我解决另一个问题。在我看来,声明并没有正确准备或执行。我使用基本的HTML表单进行调试,并且我知道这些值已正确发布用于用户名和密码。

<?php
   $con = mysqli_connect('localhost', 'user', 'password');
           if (mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }

    var_dump(mysqli_select_db($con,'db'));

    $username = $_POST["username"];
    $password = $_POST["password"];

     var_dump($username,$password);

    $statement = mysqli_stmt_prepare($con, "SELECT password FROM user WHERE username = ?");
    var_dump($statement);
    mysqli_stmt_bind_param($statement, "s", $username);
    mysqli_stmt_execute($statement);
    mysqli_stmt_store_result($statement);
    mysqli_stmt_bind_result($statement, $colUserID, $colName, $colUsername, $colAge, $colPassword);

    $response = array();
    $response["success"] = false;  

    while(mysqli_stmt_fetch($statement)){
        if (strcmp($password,$colPassword)) {
            $response["success"] = true;  
        }
    }
    echo json_encode($response);
?>

如果有任何兴趣,可以使用以下表格:

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="LoginSecure.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>


<input type="submit">
</form>
</body>
</html>

最后是var_dump:

/home/r38w9q46ii75/public_html/LoginSecure.php:7:boolean true
/home/r38w9q46ii75/public_html/LoginSecure.php:12:string 'test2' (length=5)
/home/r38w9q46ii75/public_html/LoginSecure.php:12:string 'test2' (length=5)
/home/r38w9q46ii75/public_html/LoginSecure.php:14:null
{"success":false}

编辑:改变:

<?php
   $con = mysqli_connect('localhost', 'user', 'password');
           if (mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
        }

    var_dump(mysqli_select_db($con,'db'));

    $username = $_POST["username"];
    $password = $_POST["password"];

     var_dump($username,$password);

    $statement = mysqli_stmt_init($con);
    mysqli_stmt_prepare($statement, "SELECT password FROM user WHERE username = ?");
    mysqli_stmt_bind_param($statement, "s", $username);
    mysqli_stmt_execute($statement);
    mysqli_stmt_store_result($statement);
    mysqli_stmt_bind_result($statement, $colPassword);

    $response = array();
    $response["success"] = false;  

    while(mysqli_stmt_fetch($statement)){
        if (strcmp($password,$colPassword)==0) {
            $response["success"] = true;  
        }
    }
    echo json_encode($response);
?>

2 个答案:

答案 0 :(得分:0)

您需要初始化并执行SELECT * not only password 测试一下:

$statement = mysqli_stmt_init($con);
mysqli_stmt_prepare($statement, "SELECT * FROM user WHERE username = ?");
    mysqli_stmt_bind_param($statement, "s", $username);
    mysqli_stmt_execute($statement);
    mysqli_stmt_store_result($statement);
    mysqli_stmt_bind_result($statement, $colUserID, $colName, $colUsername, $colAge, $colPassword);

答案 1 :(得分:0)

这里

mysqli_stmt_bind_result($statement, $colUserID, $colName, $colUsername, $colAge, $colPassword);

你想将5个变量绑定到结果,但是你的查询只返回一个:'密码' 因此,获取将失败并在此处返回false {。{1}}。

要解决这个问题,只需从bind_result中删除不需要的变量:

while(mysqli_stmt_fetch($statement))

作为替代方案,您当然也可以将列user,name,...添加到您的查询中。

请不要在数据库中存储普通密码 使用password_hash()

第三:
你在这里有一个地方错误:

mysqli_stmt_bind_result($statement, $colPassword);
如果两个字符串相同,

strcmp将返回 if (strcmp($password,$colPassword)) { $response["success"] = true; } ,但如果第一个参数比第二个参数更大,则strcmp将返回0。 因此0将返回1 - &gt;你将返回strcmp('test2', 'test')! 反之亦然,如果密码正确,您现在将返回success = false。

相关问题
最新问题