mysqli_stmt :: bind_result():错误

时间:2018-02-21 02:14:29

标签: php mysql prepared-statement

我现在已经使用了php一段时间但是我仍然对一些事情保持安静,其中一个是bind_result()。所以我在项目上创建了一个登录系统,但我不断收到错误:

mysqli_stmt :: bind_result():绑定变量的数量与预备语句中的字段数不匹配

我知道这与我选择所有列的事实有关,我想知道我必须绑定所有列还是他们更简单的方法?

我在function.php中的代码

    public function getUserByEmailAndPassword($email, $password) {

       $sql = "SELECT * FROM users WHERE email = ?"; // SQL Statement
       $stmt = $this->conn->prepare($sql); // Prepare the SQL Statement
       $stmt->bind_param('s', $email); // Bind the placeholder with the correct data type from the SQL Statement
       $stmt->execute(); // Execute the prepared statement
       $stmt->store_result(); // Store the prepared statement for later checking

       // Check to make sure if any data is returned
       if($stmt->num_rows) {

           // Create and append variables
           $user = $stmt->bind_result($email);


          // Create a while loop
           while($stmt->fetch()) {
              // verifying user password
              $salt = $user['salt'];
              $encrypted_password = $user['encrypted_password'];
              $hash = $this->checkhashSSHA($salt, $password);
              // check for password equality
              if ($encrypted_password == $hash) {
                 // user authentication details are correct
                 $stmt->close();
                 return $user;
              }else {

            }
        }
            return NULL;
    }
}

1 个答案:

答案 0 :(得分:-1)

您可以尝试使用此代码。但是,由于您的查询不明确,请加密您的密码,然后签入条件

function getUserByEmailAndPassword($email) {
$stmt = $conn->prepare('SELECT
email,
password
FROM users
WHERE email = ?
');
$stmt->bind_param('s',$email);
$stmt->execute();
$stmt->store_result();
while($stmt->fetch()){
    $row = array('email'=>$email,'password'=>$password);
}
$stmt->close();
if(!empty($row)){
    return $row;
} else {
    return "";
}

}

 $userDetails = getUserByEmailAndPassword($email);
 //Encrypt your password here
 if($userDetails['password'] == $encryped_password){
  //do_something
 }