php - 准备好的语句 SQL

Question

stackoverflow.com 的问候社区。

我正在尝试学习准备好的语句，但我确实收到一条错误消息
我无法解决的。显然，我知道这是什么错误，但我不知道如何解决它。

错误消息:警告:mysqli_stmt::bind_result():绑定(bind)变量的数量与第 69 行准备好的语句中的字段数量不匹配

<?php
if(isset($_POST["submit"])){
    //Connect
$mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

if($mysqli->connect_errno) {
  die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
}
//Submitt pushed
if(!empty($_POST['user']) && !empty($_POST['pass'])) {
    $user= strip_tags($_POST['user']);
    $pass= strip_tags($_POST['pass']);

$user = $mysqli->real_escape_string($user);
$pass = $mysqli->real_escape_string($pass);


// Prepare
    $sql = "SELECT * FROM login WHERE username = ? AND password = ?";
    $stmt = $mysqli->prepare($sql);

if(!$stmt) {
    die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}

//Prepared statements

$bind_result = $stmt->bind_param("ss", $user, $pass);
if(!$bind_result) {
echo "Bind failed: (" . $stmt->errno . ") " . $stmt->error;
    }


//Lets execute this

//Give a value to statements
    $user =0;
    $pass ='';

                $execute_result = $stmt->execute();
                if(!$execute_result) {
                     echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
                }

        // This line->      $stmt->bind_result($user, $pass);



                $success = mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
                if (mysqli_num_rows($success) === 1){
                    mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
                    mysqli_close ($connectt);

                    header("Location: index.php");
                }
                else {
                    echo "Wrong name!";
                }



        $stmt->free_result();
        $stmt->close();
        }
        }
    ?>

如您所知，这是一个登录表单。 html 不相关，所以我不会发布它，但我会发布包含连接文件。希望比我受过更多教育的人能够发现我看不到的错误，以及我是否遗漏了任何重要的东西。

包括:

<?php
$connectt = mysqli_connect("localhost","member","xxxxxx","websecurity");

// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

  ?>

星期五快乐!

Answer 1

尝试以下代码:

更新:

<?php  
if(isset($_POST["submit"])){
    //Connect
    $mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

    if($mysqli->connect_errno) {
        die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    }
    //Submitt pushed
    if(!empty($_POST['username']) && !empty($_POST['password'])) {
        $username= strip_tags($_POST['username']);
        $password= strip_tags($_POST['password']);

        $username = $mysqli->real_escape_string($username);
        $password = $mysqli->real_escape_string($password);


        // Prepare
        $sql = "SELECT username,password FROM login WHERE username = ? AND password = ?";
        $stmt = $mysqli->prepare($sql);
        $bind_result = $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows === 1){
            header("Location: index.php");
        }
        else {
            echo "Wrong name!";
        }


        $stmt->free_result();
        $stmt->close();
    }
}
?>

在 之前

<?php
if(isset($_POST["submit"])){
    //Connect
    $mysqli = new mysqli("localhost", "member", "xxxxxx", "websecurity");

    if($mysqli->connect_errno) {
        die("Connect failed: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
    }
    //Submitt pushed
    if(!empty($_POST['username']) && !empty($_POST['password'])) {
        $username= strip_tags($_POST['username']);
        $password= strip_tags($_POST['password']);

        $username = $mysqli->real_escape_string($username);
        $password = $mysqli->real_escape_string($password);


        // Prepare
        $sql = "SELECT username,password FROM login WHERE username = ? AND password = ?";
        $stmt = $mysqli->prepare($sql);

        if(!$stmt) {
            die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
        }

        //Prepared statements

        $bind_result = $stmt->bind_param("ss", $username, $password);
        if(!$bind_result) {
            echo "Bind failed: (" . $stmt->errno . ") " . $stmt->error;
        }


        //Lets execute this

        //Give a value to statements
        $username =0;
        $password ='';

        $execute_result = $stmt->execute();
        if(!$execute_result) {
            echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
        }

        $stmt->bind_result($username, $password);



        $success = mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
        if (mysqli_num_rows($success) === 1){
            mysqli_query($connectt, $sql) or die (mysqli_error($connectt));
            mysqli_close ($connectt);

            header("Location: index.php");
        }
        else {
            echo "Wrong name!";
        }



        $stmt->free_result();
        $stmt->close();
    }
}
?>