Bind_Param PHP 中的函数从 Uwamp 返回错误
Bind_Param Function in PHP returning error from Uwamp
我正在尝试使用 PHPMyAdmin 创建一个登录系统,但我似乎在使用绑定功能时遇到了问题。它应该打印存储在我登录帐户的数据库中的记录,但我从 uwamp 收到此错误; 警告:mysqli_stmt::bind_param():变量数与 C:\UwAmp\www\Test\M2\Authentication.php 中准备语句中的参数数不匹配,第 22 行
作为参考,这是我的代码;
<?php
//Perameters needed to login to the database
$serverName= "localhost";
$DBUsername= "root";
$DBPassword= "root";
$DatabaseName="database 1";
//Connect to the database using the parameters
$conn = new mysqli($serverName, $DBUsername, $DBPassword, $DatabaseName);
//If there is a connection error, kill the connection and show said error.
if ($conn -> connect_error)
{
die("Connection fail: " . $conn -> connect_error);
}
//Query the table
$paramUsername = $_POST['InputUsername'];
$paramPassword = $_POST['InputPassword'];
$Statement= $conn-> prepare("SELECT UserID, Name, Username, Password, PrivilegeLevel FROM users WHERE Username AND Password= ?");
$Statement -> bind_param('ss', $paramUsername, $paramPassword);
$Statement -> execute();
$Statement -> store_result();
$Statement -> bind_result($UserId, $UtBLName, $UtBLUsername, $UtBLPassword, $PrivLevel);
$Statement -> fetch();
$Statement -> close();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Document</title>
</head>
<body>
<div>
Your user ID is: <?php echo $UserId; ?> <br>
Your name is: <?php echo $UtBLName; ?> <br>
Your username is: <?php echo $UtBLUsername; ?> <br>
Your password is: <?php echo $UtBLPassword; ?> <br>
Your privilege level is: <?php echo $PrivLevel; ?> <br>
</div>
</body>
</html>
现在我环顾了这个网站,发现一个帖子说我应该更改绑定中 S-es 的数量 bind_param,所以我将它从一个更改为两个,它仍然提供同样的错误。有什么建议吗?
你的SQL
Username AND Password= ?
语法错误。当您提供两个值时,它应该是:
Username = ? AND Password = ?
bind_param 调用将 X 个变量放入 X 个 ? SQL,因此变量的数量必须始终与查询中 ? 的数量相匹配。
因此:
$Statement= $conn-> prepare("SELECT UserID, Name, Username, Password, PrivilegeLevel FROM users WHERE Username = ? AND Password= ?");
// Two ? in the SQL mean two variables are required.
$Statement -> bind_param('ss', $paramUsername, $paramPassword);
安全
密码不应以明文形式存储在任何媒体中。您可以使用强烈推荐的 PHPs Password Hash mechanism 轻松解决此问题。
$paramPassword = password_hash($_POST['InputPassword'],PASSWORD_DEFAULT);
我正在尝试使用 PHPMyAdmin 创建一个登录系统,但我似乎在使用绑定功能时遇到了问题。它应该打印存储在我登录帐户的数据库中的记录,但我从 uwamp 收到此错误; 警告:mysqli_stmt::bind_param():变量数与 C:\UwAmp\www\Test\M2\Authentication.php 中准备语句中的参数数不匹配,第 22 行 作为参考,这是我的代码;
<?php
//Perameters needed to login to the database
$serverName= "localhost";
$DBUsername= "root";
$DBPassword= "root";
$DatabaseName="database 1";
//Connect to the database using the parameters
$conn = new mysqli($serverName, $DBUsername, $DBPassword, $DatabaseName);
//If there is a connection error, kill the connection and show said error.
if ($conn -> connect_error)
{
die("Connection fail: " . $conn -> connect_error);
}
//Query the table
$paramUsername = $_POST['InputUsername'];
$paramPassword = $_POST['InputPassword'];
$Statement= $conn-> prepare("SELECT UserID, Name, Username, Password, PrivilegeLevel FROM users WHERE Username AND Password= ?");
$Statement -> bind_param('ss', $paramUsername, $paramPassword);
$Statement -> execute();
$Statement -> store_result();
$Statement -> bind_result($UserId, $UtBLName, $UtBLUsername, $UtBLPassword, $PrivLevel);
$Statement -> fetch();
$Statement -> close();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Document</title>
</head>
<body>
<div>
Your user ID is: <?php echo $UserId; ?> <br>
Your name is: <?php echo $UtBLName; ?> <br>
Your username is: <?php echo $UtBLUsername; ?> <br>
Your password is: <?php echo $UtBLPassword; ?> <br>
Your privilege level is: <?php echo $PrivLevel; ?> <br>
</div>
</body>
</html>
现在我环顾了这个网站,发现一个帖子说我应该更改绑定中 S-es 的数量 bind_param,所以我将它从一个更改为两个,它仍然提供同样的错误。有什么建议吗?
你的SQL
Username AND Password= ?
语法错误。当您提供两个值时,它应该是:
Username = ? AND Password = ?
bind_param 调用将 X 个变量放入 X 个 ? SQL,因此变量的数量必须始终与查询中 ? 的数量相匹配。
因此:
$Statement= $conn-> prepare("SELECT UserID, Name, Username, Password, PrivilegeLevel FROM users WHERE Username = ? AND Password= ?");
// Two ? in the SQL mean two variables are required.
$Statement -> bind_param('ss', $paramUsername, $paramPassword);
安全
密码不应以明文形式存储在任何媒体中。您可以使用强烈推荐的 PHPs Password Hash mechanism 轻松解决此问题。
$paramPassword = password_hash($_POST['InputPassword'],PASSWORD_DEFAULT);