Prepare Statement 没有 fetching/binding 任何结果。 PHP
Prepare Statement not fetching/binding any result. PHP
我想使用 prepare 语句进行此查询,但不知何故它没有获取任何数据。我在表单中输入的用户名在数据库中,我想问题一定出在 prepare stmt 的某个地方。
if(isset($_POST['login'])){
$typed_username = mysqli_real_escape_string($connection, $_POST['login_username']);
$typed_password = $_POST['login_password'];
$column = "username";
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE ? = ?");
mysqli_stmt_bind_param($stmt, "ss", $column, $typed_username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_password);
if(mysqli_stmt_num_rows($stmt) < 1){
echo "no results";
}
if(password_verify($typed_password, $user_password)){
echo "login yeah!";
}
}
无论我尝试什么,我都会得到 "no results"。
虽然我已经添加了关于如何解决这个问题的评论,但我想为了您的学习目的,我应该在此处添加解决方案。
如果 $column = "username"; 永远不变,这将成为一个非常简单的解决方案。
如果是这样;你必须改变你的准备:
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE ? = ?");
对此:
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE username = ?");
更改之后,您不再需要绑定 $column(mysql 说绑定列无论如何都是无意义的,因为它不会接受它。)
因此,您的 bind_param 更改自:
mysqli_stmt_bind_param($stmt, "ss", $column, $typed_username);
为此(您不再需要 myqsli_real_escape_string 因此您可以将 $_POST 直接放入查询中:
mysqli_stmt_bind_param($stmt, "s", $_POST['login_username']);
因此,您的整体代码现在如下所示:
if(isset($_POST['login'])){
$typed_password = $_POST['login_password'];
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE username = ?");
mysqli_stmt_bind_param($stmt, "s", $_POST['login_username']);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_password);
//you where missing fetch
mysqli_stmt_fetch($stmt);
//store the result
mysqli_stmt_store_result($stmt);
//now we can use mysqli_stmt_num_rows
if(mysqli_stmt_num_rows($stmt) < 1){
echo "no results";
}
//added an else here as I said in the comments
else if(password_verify($typed_password, $user_password)){
echo "login yeah!";
}
}
我想使用 prepare 语句进行此查询,但不知何故它没有获取任何数据。我在表单中输入的用户名在数据库中,我想问题一定出在 prepare stmt 的某个地方。
if(isset($_POST['login'])){
$typed_username = mysqli_real_escape_string($connection, $_POST['login_username']);
$typed_password = $_POST['login_password'];
$column = "username";
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE ? = ?");
mysqli_stmt_bind_param($stmt, "ss", $column, $typed_username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_password);
if(mysqli_stmt_num_rows($stmt) < 1){
echo "no results";
}
if(password_verify($typed_password, $user_password)){
echo "login yeah!";
}
}
无论我尝试什么,我都会得到 "no results"。
虽然我已经添加了关于如何解决这个问题的评论,但我想为了您的学习目的,我应该在此处添加解决方案。
如果 $column = "username"; 永远不变,这将成为一个非常简单的解决方案。
如果是这样;你必须改变你的准备:
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE ? = ?");
对此:
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE username = ?");
更改之后,您不再需要绑定 $column(mysql 说绑定列无论如何都是无意义的,因为它不会接受它。)
因此,您的 bind_param 更改自:
mysqli_stmt_bind_param($stmt, "ss", $column, $typed_username);
为此(您不再需要 myqsli_real_escape_string 因此您可以将 $_POST 直接放入查询中:
mysqli_stmt_bind_param($stmt, "s", $_POST['login_username']);
因此,您的整体代码现在如下所示:
if(isset($_POST['login'])){
$typed_password = $_POST['login_password'];
$stmt = mysqli_prepare($connection, "SELECT user_password FROM users WHERE username = ?");
mysqli_stmt_bind_param($stmt, "s", $_POST['login_username']);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_password);
//you where missing fetch
mysqli_stmt_fetch($stmt);
//store the result
mysqli_stmt_store_result($stmt);
//now we can use mysqli_stmt_num_rows
if(mysqli_stmt_num_rows($stmt) < 1){
echo "no results";
}
//added an else here as I said in the comments
else if(password_verify($typed_password, $user_password)){
echo "login yeah!";
}
}