$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
$stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
$stmt->bind_param('s', $name);
$stmt->execute();
while($stmt->fetch()) {
if($stmt->num_rows == 0) {
header("Location: home?errormsg=notfound");
exit();
}
}
$stmt->store_result();
$stmt->close();
}
$mysqli->close();
因此,上面的代码检查数据库中是否存在 $_GET['name'] ,如果不存在,则重定向到 home?errormsg=notfound 但它将数据库中存在的用户名重定向到链接'home?errormsg=notfound' 也是如此。您能提出解决这个问题的方法吗?
最佳答案
您必须在 $stmt->num_rows 之前调用 $stmt->store_result()。
并且您的 $stmt->fetch() 不是必需的,因为您不使用所选数据。
如果您在 num_rows 之后调用 store_result() ,它将不起作用。
来自manual page的部分评论:
If you do not use mysqli_stmt_store_result( ), and immediatley call this function after executing a prepared statement, this function will usually return 0 as it has no way to know how many rows are in the result set as the result set is not saved in memory yet.
因此您的代码应如下所示:
$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
$stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows == 0) {
header("Location: home?errormsg=notfound");
exit();
}
$stmt->close();
}
$mysqli->close();
关于PHP - MySQLi 准备好的语句,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21112774/