我正在尝试制作一个基本的登录系统。用户在表单中输入用户名+密码,然后将其发布并在以下代码中使用:
if(isset($_POST['submit'])) {
$sql = "SELECT username, password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if(!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$username = $_POST['username'];
$password = $_POST['password'];
var_dump($username);
var_dump($password);
$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if(!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($returned_username, $returned_password);
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
如果我输入正确的用户名和密码,一切正常并且可以正确登录。当我输入不正确的信息(使用错误的密码或不在数据库中的用户名)时,问题就开始出现。 “用户名或密码不正确”这一行根本不起作用。
我对准备好的语句的理解是,一旦绑定(bind)结果,我只能在 while 循环中使用 fetch 访问它们。但是,如果没有找到结果,该循环将永远不会运行,因此我无法测试查询是否找到任何结果。
最佳答案
我建议你,像这样使用它:
if (isset($_POST['submit'])) {
//Checking, is a user exists with these credentials?
$sql = "SELECT COUNT(*) AS cnt FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if (!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$bind_result = $stmt->bind_param("ss", $_POST['username'], $_POST['password']);
if (!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if (!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($cnt);
$stmt->fetch();
if ($cnt > 0) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
关于php - 处理准备好的 select 语句没有返回的结果,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26610284/