以下代码应该适用于输入用户名或电子邮件的用户。
如果我使用如下代码,似乎 $resultCheck 返回空,因此给出错误。变量 $userName 应该传递用户在相应输入字段中输入的任何内容,但是使用以下代码,它似乎没有将任何内容传递给查询:
$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "s", $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}
最后一行
echo $resultCheck;不给出任何东西。如果我像这样更改代码:$sql = "SELECT * FROM users WHERE user_name = ?;"
echo $resultCheck给出值 1 ,就像它应该的那样。有人知道如何解决这个问题吗?
最佳答案
解决方案:
我不得不改变
mysqli_stmt_bind_param($stmt, "s", $userName);
进入
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
我的逻辑是,因为我只想检查电子邮件或用户名,所以我只需要绑定(bind)一个参数,但显然情况并非如此。
所以我的代码现在看起来像这样:
$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}
关于php:如何使用准备好的语句从 sql 获取用户名或电子邮件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50736800/