以下代码适用于输入用户名或电子邮件的用户。
如果我使用如下代码,似乎$ resultCheck返回空,因此发出错误。变量$ userName应该传递用户在相应输入字段中输入的内容,但是使用以下代码,它似乎没有将ANYTHING传递给查询:
d:htmlparse
最后一行$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "s", $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}
并未提供任何内容。如果我像这样更改代码:
echo $resultCheck;
$sql = "SELECT * FROM users WHERE user_name = ?;"
给出值echo $resultCheck
,就像它应该的那样。
有人知道如何解决这个问题吗?
答案 0 :(得分:0)
解决方案:
我不得不改变
mysqli_stmt_bind_param($stmt, "s", $userName);
进入
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
我的逻辑是,因为我只想检查电子邮件或用户名,我只需要绑定一个参数,但显然情况并非如此。
所以我的代码现在看起来像这样:
$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}