PHP: How to get a username or email from SQL using prepared statements

Time: 2018-06-07 08:45:38

Tags: php mysql prepared-statement

The following code is for users who enter a username or an email.

If I use the code as follows, it seems that $resultCheck returns empty and therefore an error is issued. The variable $userName should pass whatever the user entered in the corresponding input field, but with the following code it seems to pass NOTHING to the query:

$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);

if (empty($userName) || empty ($userPassword)) {
    header("Location: ../signup.php?login=error");
    exit();
} else {
    //Create a template
    $sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";

    //Create a prepared statement
    $stmt = mysqli_stmt_init($conn);

    //prepare prepared statement
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL failed";
    } else {
        //Bind parameters to the placeholder
        mysqli_stmt_bind_param($stmt, "s", $userName);
        //run params
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $resultCheck = mysqli_num_rows($result);
        echo $resultCheck;

        if ($resultCheck < 1) {
            header("Location: ../signup.php?login=error");
            exit();

        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                $pwVeryfied = password_verify($userPassword, $row['user_password']);

                if ($pwVeryfied == true){
                    //login here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_name'] = $row['user_name'];
                    $_SESSION['u_email'] = $row['user_email'];
                    header("Location: ../index.php?login=success");
                } else {
                    header("Location: ../signup.php?login=error");
                    exit();
                }
            }
        }
    }
}

The last line, echo $resultCheck;, outputs nothing. If I change the code like this:

     $sql = "SELECT * FROM users WHERE user_name = ?;"

echo $resultCheck gives the value, just as it should.

Does anyone know how to solve this?

1 answer:

Answer 0: (score: 0)

Solution:

I had to change

     mysqli_stmt_bind_param($stmt, "s", $userName);

into

     mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);

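My logic was that, since I only want to check either the email or the username, I only needed to bind one parameter, but apparently that is not the case.

So my code now looks like this: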

$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);

if (empty($userName) || empty ($userPassword)) {
    header("Location: ../signup.php?login=error");
    exit();                        
} else {         
    //Create a template
    $sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";

    //Create a prepared statement
    $stmt = mysqli_stmt_init($conn);

    //prepare prepared statement
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "SQL failed";
    } else {
        //Bind parameters to the placeholder
        mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
        //run params
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $resultCheck = mysqli_num_rows($result);
        echo $resultCheck;

        if ($resultCheck < 1) {
            header("Location: ../signup.php?login=error");
            exit();

        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                $pwVeryfied = password_verify($userPassword, $row['user_password']);

                if ($pwVeryfied == true){              
                    //login here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_name'] = $row['user_name'];
                    $_SESSION['u_email'] = $row['user_email'];
                    header("Location: ../index.php?login=success");
                } else {
                    header("Location: ../signup.php?login=error");
                    exit();
                }
            }          
        }
    }
}
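
As an added example (not the poster's code), one way to keep the bind call in step with the placeholders: the type string is built from the statement's `param_count`, and the raw input is bound without `mysqli_real_escape_string`, which bound values do not need and which would alter a password before `password_verify()`. The helper names `find_user_by_login` and `check_login` are hypothetical; the table and column names are those used on this page, and `$conn` is assumed to be an open mysqli connection.

```php
<?php
// Added example, not the poster's code. Table and column names are taken
// from the page; the function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on database errors

/** Look up one user by user name or e-mail; returns null when nothing matches. */
function find_user_by_login(mysqli $conn, string $login): ?array
{
    $sql = "SELECT user_id, user_name, user_email, user_password
              FROM users
             WHERE user_name = ? OR user_email = ?
             LIMIT 1";
    $stmt = $conn->prepare($sql);

    // Every "?" needs its own bound variable, even when the value repeats.
    // Deriving both lists from param_count keeps them in step with the SQL.
    $types = str_repeat("s", $stmt->param_count);        // "ss" for this query
    $args  = array_fill(0, $stmt->param_count, $login);  // same value for each "?"
    $stmt->bind_param($types, ...$args);

    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // null when no row matched
    $stmt->close();
    return $row ?: null;
}

/**
 * Check a login attempt. The raw input goes to the bound parameters and to
 * password_verify() unchanged: bound values are never parsed as SQL, and
 * escaping the password would change the string being verified.
 * Returns the user row without the hash, or null on failure.
 */
function check_login(mysqli $conn, string $login, string $password): ?array
{
    $row = find_user_by_login($conn, $login);
    if ($row === null || !password_verify($password, $row['user_password'])) {
        return null;              // same result for unknown user and wrong password
    }
    unset($row['user_password']); // keep the hash out of the session data
    return $row;
}
```

A caller would pass `$_POST['username']` and `$_POST['userpassword']` directly to `check_login()` and, on a non-null result, fill `$_SESSION` and redirect, calling `exit()` after each `header()`.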