我是 MySQL 新手。我创建了一个登录页面,它将运行 PHP 来查询数据库。
我想制作一个准备好的语句来防止 SQL 注入(inject),但它不起作用。 $result 给我 0。
cgi-bin/welcome.php
<?php
$email= $_POST["email"];
$pwd = $_POST["password"];
$dbh=mysqli_connect("localhost",
"zzengnin",<password>,"zzengnin_wheel")
or die ('Database is not able to connect');
$qry= "SELECT email FROM Info WHERE email=? AND pw=?";
if ($stmt = mysqli_prepare($link, $qry)) {
mysqli_stmt_bind_param($stmt, "ss", $email, $pwd);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $result);
mysqli_stmt_fetch($stmt);
printf("result email is %s\n", $result);
}
if(mysqli_num_rows($result)>0)
{
echo "Welcome! '$email', you are officially logged in! ";
}
else{
echo "Your Email or Password is WRONG!!!!";
echo $result + " result";
}
mysqli_stmt_close($stmt);
mysqli_close($dbh);
?>
这是表单login.php
<!DOCTYPE html>
<head><title>Wheel Sharing</title>
<link rel = "stylesheet" type = "text/css" href = "CSS/style.css">
</head>
<body>
<h1>Log in</h1>
<form action="cgi-bin/welcome.php" method="post">
Email: <input name="email" type="text" size="20"/>
<br/>
Password: <input name="password" type="password" >
<br/>
<input type="submit" value="Login"/> <input type="reset" value="Reset"/>
</form>
</body>
</html>
感谢所有帮助:)
最佳答案
更改此:
mysqli_stmt_execute($stmt);
对此:
$result = mysqli_stmt_execute($stmt);
关于php - mysql 准备好的语句不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26433552/