Question

我正在做一个Android项目，我在登录帐户时遇到了问题。即使密码不正确或为空，我也可以登录。我无法识别错误。我检查了我的代码，但没有任何帮助我可以帮助我吗？

我的代码：

userLogin.php

require_once '../includes/DbOperations.php';

$response = array(); 

if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['username']) and isset($_POST['password'])){
    $db = new DbOperations(); 
    $result = $db->userLogin($_POST['username'], $_POST['password']);

    if ($result == 1) {
        # code...
        $user = $db->getUserByUsername($_POST['username']);
        $response['error'] = false; 
        $response['id'] = $user['id'];
        $response['email'] = $user['email'];
        $response['username'] = $user['username'];
        $response['phone'] = $user['phone'];
        $response['gender'] = $user['gender'];
        $response['message'] = "Found successfully";
    }
    elseif ($result == 2) {

        # code...
        $response['error'] = true; 
        $response['message'] = "Some error occurred please try again";
    }

   }else{
    $response['error'] = true; 
    $response['message'] = "Required fields are missing";
     }
   }

  echo json_encode($response);

DbOperations.php

public function userLogin($username, $pass){
        $password = md5($pass);
        $stmt = $this->con->prepare("SELECT * FROM users WHERE username = ? AND password = ?;");
        if($stmt != FALSE){
        $stmt->bind_param("ss",$username,$password);
        if($stmt->execute()){
                return 1; 
            }else{
                return 2; 
            }
        $stmt->store_result(); 
        $stmt->close();

        else
        {
            var_dump($this->con->error);            
        }
    }

    public function getUserByUsername($username){
        $stmt = $this->con->prepare("SELECT * FROM users WHERE username = ?;");
        if($stmt != FALSE){
        $stmt->bind_param("s",$username);
        $stmt->execute();
        return $stmt->get_result()->fetch_assoc();
    }
    else
    {
        var_dump($this->con->error);
    }
    }

Answer 1

如果找到记录，请返回值，但如果查询成功执行，则返回值。

您的代码：

if($stmt->execute()){
   return 1; 
 }else{
   return 2; 
 }

应该是：

if($stmt->num_rows > 0){
  return 1; 
}else{
  return 2; 
}

根据您的代码，如果输入错误的用户名，则应该使用。

Answer 2

if($stmt->execute() != FALSE)不正确。见下面的代码：

public function userLogin($username, $pass){
        $password = md5($pass);
        $stmt = $this->con->prepare("SELECT * FROM users WHERE username = ? AND password = ?;");
        if($stmt != FALSE){
        $stmt->bind_param("ss",$username,$password);
        $stmt->execute()

        $stmt->store_result(); 
        $rows = $stmt->num_rows;
        $stmt->close();
        return $rows;

        else
        {
            var_dump($this->con->error);            
        }
    }

    public function getUserByUsername($username){
        $stmt = $this->con->prepare("SELECT * FROM users WHERE username = ?;");
        if($stmt != FALSE){
        $stmt->bind_param("s",$username);
        $stmt->execute();
        return $stmt->get_result()->fetch_assoc();
    }
    else
    {
        var_dump($this->con->error);
    }
    }

关于登录的PHP代码出错

2 个答案: