0

我的登录表单有一点问题。我认为问题在于 mysqli 代码,因为当代码是旧的 mysql 代码时,登录可以正常工作,但是自从我将其更改为 mysqli 后,它就不能正常工作了。

假设发生的是用户将在登录表单中输入他们的用户名和密码,当用户单击“登录”按钮时,如果用户名和密码正确,它将检查数据库。如果正确,则导航到 menu.php 页面,否则如果登录不正确,则显示一条消息,指出登录不正确,然后重试。

相反,下面的代码正在做的是,当用户输入他们的用户名和密码并单击“登录”按钮时,无论用户名和密码是否正确,它都会刷新来自,它不会导航到菜单。 php 页面或显示登录错误消息。

所以我的问题是为什么会发生这种情况,为什么登录后它不导航用户或显示不正确的登录消息?

代码已更新以显示当前代码:

<?php

ini_set('display_errors',1); 
 error_reporting(E_ALL);

    // PHP code
    session_start(); 

    $username="xxx";
    $password="xxx";
    $database="mobile_app";

    $mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");

    foreach (array('teacherusername','teacherpassword') as $varname) {
            $$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
          }

    // move this outside the condiitonal
    $loged = false;

    if (isset($_POST['submit'])) {

    $query = $mysqli->prepare("
    SELECT * FROM Teacher t  
    WHERE 
    (t.TeacherUsername=?)
    AND
    (t.TeacherPassword=?)
    ");

   $stmt=$mysqli->prepare($query);
   $stmt->bind_param("s",$teacherusername);
   $stmt->bind_param("s",$teacherpassword);

   $stmt->execute(); 

   $stmt->bind_result($TeacherId,$TeacherForename,$TeacherSurname,$TeacherUsername,$TeacherPassword);

    while($row=$stmt->fetch())
      {

          if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
          {
              $loged = true;
          }

$_SESSION['teacherforename'] = $row['TeacherForename'];
$_SESSION['teachersurname'] = $row['TeacherSurname'];
$_SESSION['teacherusername'] = $row['TeacherUsername'];

      }

      if ($loged == true){
      header( 'Location: menu.php' ) ;
    }
    }

     ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Teacher Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="LoginStyle.css">
</head>
<body>
<?php if ($loged == false && $_POST) {
  echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
  }
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
    <p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
    <p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
    <p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
    </form>

</body>
</html>

更新:

我已打开错误报告,并使用从其中一个答案中检索到的上述代码,它给了我一个警告和一个致命错误,如下所示:

Warning: mysqli::prepare() expects parameter 1 to be string, object given in /web/stud/xxx/Mobile_app/teacherlogin.php on line 33

Fatal error: Call to a member function bind_param() on a non-object in /web/stud/xxx/Mobile_app/teacherlogin.php on line 34

这些是什么意思,有没有人知道如何解决它们?我更新了上面的代码以显示当前代码。

4

2 回答 2

1

更新/编辑:

根据您的评论,我再次查看了您的 mysqli 代码,并注意到您犯了许多错误(多个 prepare 和 bind_result 语句以及其他一些事情)。我已经更新了下面的代码,它做了一些改进/应该可以解决您的问题。我不太确定您的数据库架构,但是最好实际说明您想要的列,而不是使用 (*),就好像您将来添加另一列并且不更新代码一样,它会破坏您的mysqli 语句作为 bind_result 将与您的查询不匹配。

<?php
  // PHP code
  session_start(); 

  $username="xxx";
  $password="xxx";
  $database="mobile_app";

  $mysqli = new mysqli("localhost", $username, $password, $database);

  /* check connection */
  if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    die();
  }

  // required variables (make them explciit no need for foreach loop)
  $teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
  $teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
  $loggedIn = false;

  if (isset($_POST['submit'])) {

    // don't use $mysqli->prepare here
    $query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("ss",$teacherusername,$teacherpassword);
    // execute query
    $stmt->execute(); 
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbTeacherId,$dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);

    while($stmt->fetch()) {
      if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
        $loggedIn = true;
      }
    }

    /* close statement */
    $stmt->close();

    /* close connection */
    $mysqli->close();

    if ($loggedIn == true){
      // left your session code as is - but think wisely about using
      // the Username as a session variable (security risk)
      $_SESSION['teacherforename'] = $dbTeacherForename;
      $_SESSION['teachersurname'] = $dbTeacherSurname;
      $_SESSION['teacherusername'] = $dbTeacherUsername;
      header( 'Location: menu.php' ) ;
      die();
    }
  }
?>
<html>
<head></head>
<body>
  <?php if ($loggedIn == false && $_POST) {
    echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
    }
  ?>
  <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
  <p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
  <p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
  <p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
  </form>
</body>
</html>

更新/编辑: 注意我已经更改了这个文本,因为它现在没有意义我已经重写了你的大部分代码。如果上述方法不起作用(因为您仍然收到 mysqli 错误),则意味着您的教师表有超过 5 列。

一个重要的 FYI 将是 $mysqli->prepare 和 $stmt->bind_result 语句之间的连接,这些语句需要根据所选列的数量进行匹配。您可以随意命名 bind_result 中的变量,但变量的数量需要与您在 SELECT 语句中选择的列数相匹配,因此为什么显式命名列总是比 (*) 更好。

于 2012-06-11T19:30:30.523 回答
0

您需要移动 HTML。您在 html 之后有一个输入表单的 IF。如果如下所示,则将 html 添加到 else 中: 

session_start(); 

$username="xxx";
$password="xxx";
$database="mobile_app";

$mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");

foreach (array('teacherusername','teacherpassword') as $varname) {
        $$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
      }

if (isset($_POST['submit'])) {

$query = $mysqli->prepare("
SELECT * FROM Teacher t  
WHERE 
(t.TeacherUsername=?)
AND
(t.TeacherPassword=?)
");

$loged = false;

$stmt=$mysqli->prepare($query);
$stmt->bind_param("s",$teacherusername);
$stmt->bind_param("s",$teacherpassword);

$stmt->execute(); 



$stmt->bind_result($TeacherId,$TeacherForename,
                    $TeacherSurname,$TeacherUsername,$TeacherPassword);

while($row=$stmt->fetch())
  {

      if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
      {
          $loged = true;
      }

   $_SESSION['teacherforename'] = $row['TeacherForename'];
   $_SESSION['teachersurname'] = $row['TeacherSurname'];
   $_SESSION['teacherusername'] = $row['TeacherUsername'];

  }

  if ($loged == true){
  header( 'Location: menu.php' ) ;
}else{
  echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}


}else{
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">        
<p>Username</p><p><input type="text" name="teacherusername" /></p>      <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p>  <!-- Enter Teacher Password--> 
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
<?php
}
 ?>
于 2012-06-11T16:18:17.183 回答