PHP MySQL 将第五列添加到查询中断脚本

PHP MySQL Adding fifth column to query breaks script

我正在尝试将用户组添加到我的登录系统,但是每当我将最后一列添加到脚本中时,它会破坏所有内容。我试图将它添加到我的 prepare 语句并将其绑定到一个变量,然后将该值存储到 $_SESSION 变量中。我不知道我哪里出了问题。

这是我添加最后一列之前的代码:

function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email=? LIMIT 1"))
{
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();

    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    $password= hash('key', $password . $salt);
    if ($stmt->num_rows == 1)
    {
        if(checkbrute($user_id, $mysqli) == true)
        {
            //account is locked
            //send email to user saying acc is locked
            return false;
        } 
        else
        {
            if($db_password == $password)
            {
                //password is correct
                //get useragent string of the user
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                //XSS protect as we might print this value
                $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                $_SESSION['user_id'] = $user_id;
                //XSS protect as we might print this value.
                $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);

                $_SESSION['username'] = $username;
                $_SESSION['login_string'] = hash('key', $password . $user_browser);
                //login successful
                return true;
            } 
            else
            {
                //password is not correct
                //we record this attempt in the db
                $now = time();
                $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");

                return false;
            }
        }
    }
    else
    {
        //no user exists.
        return false;
    }
}
}

这是之后的:

function login($email, $password, $mysqli)
{
if($stmt = $mysqli->prepare("SELECT id, username, password, salt, group FROM members WHERE email=? LIMIT 1"))
{
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();

    $stmt->bind_result($user_id, $username, $db_password, $salt, $usr_group);
    $stmt->fetch();

    $password= hash('key', $password . $salt);
    if ($stmt->num_rows == 1)
    {
        if(checkbrute($user_id, $mysqli) == true)
        {
            //account is locked
            //send email to user saying acc is locked
            return false;
        } 
        else
        {
            if($db_password == $password)
            {
                //password is correct
                //get useragent string of the user
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                //XSS protect as we might print this value
                $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                $_SESSION['user_id'] = $user_id;
                //XSS protect as we might print this value.
                $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);

                $_SESSION['username'] = $username;
                $_SESSION['user_group'] = $usr_group;
                $_SESSION['login_string'] = hash('key', $password . $user_browser);
                //login successful
                return true;
            } 
            else
            {
                //password is not correct
                //we record this attempt in the db
                $now = time();
                $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id, '$now')");

                return false;
            }
        }
    }
    else
    {
        //no user exists.
        return false;
    }
}
}

如有任何帮助,我们将不胜感激。

group 是 mysql 中的 reserved word,请尝试用反引号将其包裹起来 `(或避免在您的 table 架构):

"SELECT id, username, password, salt, `group` FROM members WHERE email=? LIMIT 1"

避免使用组,因为这是 SQL 中的保留字。

将您的声明更改为: SELECT id, 用户名, 密码, salt, usergroup FROM members WHERE email=?限制 1

这意味着您需要重命名您的列: ALTER TABLE members 将 COLUMN 组重命名为用户组;