mysqli_stmt::bind_param(): 变量数与准备语句中的参数数不匹配
mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement
我是 他们尝试使用 mysqli :: bind_param 但未成功。在下面的代码中,函数 login ( ) 在页面 login.php 上用 username 和 password 调用。尽管所有努力和指南和论坛都已阅读,但继续 return 同样的错误。
我都试过
bind_param ( 's' , $ variable )
与
bind_param ( 1 , $ variable )
与
bind_param ( 'ss' , $ variable1 , $ variable2 )
我试过不带''的查询
"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"
我哪里错了?
public function login($_username, $_password) {
$this->sessionOpen ();
if ($_username == "") {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if ($_password == "") {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=trim(md5 ( $_username ));
$pass=trim(md5 ( $_password ));
$stmt->bind_param ( 1, $user);
$stmt->bind_param ( 2, $pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
apache 日志中的错误是
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php
非常感谢大家
修改为:
$stmt->bind_param ( "ss", $user, $pass);
因为在 bind_param () 中没有定义 1 数据类型。 bind_param() 将接受两个参数,第一个是类型 (i, d, s, b) 在您的查询中对应的数据类型(?),第二个参数是值。
建议是:
不要与==比较,对于空字符串,因为如果用户输入3个白色space,它将不相等。使用 empty() 来检查是否为空字符串。
不要调用不必要的方法,它没有任何意义,例如:在你的代码中你在md5()之后调用trim()。 md5() 不会 return 任何白色 space 字符。所以调用trim(md5($username))意义不大
尝试用我的代码替换你的代码希望你的问题得到解决。
public function login($_username, $_password) {
$this->sessionOpen ();
if (empty($_username)) {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if (empty($_password)) {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss", $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
问题解决后请告诉我。
我是 他们尝试使用 mysqli :: bind_param 但未成功。在下面的代码中,函数 login ( ) 在页面 login.php 上用 username 和 password 调用。尽管所有努力和指南和论坛都已阅读,但继续 return 同样的错误。
我都试过
bind_param ( 's' , $ variable )
与
bind_param ( 1 , $ variable )
与
bind_param ( 'ss' , $ variable1 , $ variable2 )
我试过不带''的查询
"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"
我哪里错了?
public function login($_username, $_password) {
$this->sessionOpen ();
if ($_username == "") {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if ($_password == "") {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=trim(md5 ( $_username ));
$pass=trim(md5 ( $_password ));
$stmt->bind_param ( 1, $user);
$stmt->bind_param ( 2, $pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
apache 日志中的错误是
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php
非常感谢大家
修改为:
$stmt->bind_param ( "ss", $user, $pass); 因为在 bind_param () 中没有定义 1 数据类型。 bind_param() 将接受两个参数,第一个是类型 (i, d, s, b) 在您的查询中对应的数据类型(?),第二个参数是值。
建议是:
不要与==比较,对于空字符串,因为如果用户输入3个白色space,它将不相等。使用 empty() 来检查是否为空字符串。
不要调用不必要的方法,它没有任何意义,例如:在你的代码中你在
md5()之后调用trim()。md5()不会 return 任何白色 space 字符。所以调用trim(md5($username))意义不大
尝试用我的代码替换你的代码希望你的问题得到解决。
public function login($_username, $_password) {
$this->sessionOpen ();
if (empty($_username)) {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if (empty($_password)) {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss", $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
问题解决后请告诉我。