0

我对 mySQLibind_params和其他相关方法有点迷失了。到目前为止,我已经使用类结构构建了一个登录脚本。

$qu = $this->DBH->prepare("SELECT * FROM CVUSERS WHERE username = ? AND password = ?");
$qu->bind_params('ss',$username,$password);

现在这就是我迷路的地方。作为登录脚本,我想确保我的查询只有一个结果。如何从查询字符串中返回 int 或 boolean?

bind_result($result);
if($result === 1){
    //this identical statement doesn't work :S
    //using an equals statements works for every entry. Even invalid ones.
    //I've found $result will always equal 1, there is more than one row in my table
}
4

4 回答 4

2

Mysqli 对预处理语句的支持非常难看。因此,您无法轻松获取信息。
由于某种原因,它总是需要一些奇怪的函数来调用。这就是你的怀疑的来源。
bind_result() 实际上什么也不做。只有在您调用 fetch() 后它才会开始工作。所以你在你的代码中看到了。

另一种方法是不选择 count() 而是选择数据本身,就像您最初所做的那样,并检查返回的行数。但它仍然需要另一个函数调用

$qu->execute();
$qu->store_result();
if($qu->num_rows){
    $this->_constructSessions($username);
}

但是,如果我是你,我或多或少会这样

$qu = $this->DBH->prepare("SELECT COUNT(*) FROM CVUSERS WHERE username= ? AND password = ? ");
$qu->bind_param('ss',$username,$password);
$qu->execute();
$res = $stmt->get_result();
$row = $res->fetch_array();
if($row){
    $this->_constructSessions($row);
}

但它仍然很辛苦和丑陋。
这就是为什么我从不使用原生准备好的语句。所以,我做到了

$sql = "SELECT * FROM CVUSERS WHERE username=?s AND password=?s";
if ($row = $db->getRow($sql,$username,$password)) {
    $this->_constructSessions($row);
}
于 2012-12-13T20:44:09.477 回答
1

从 PHP 页面mysqli_stmt::bind_result

Returns TRUE on success or FALSE on failure.

所以我会假设使用:

if($result){
//no errors here! success! add additional code here
}

会工作。

于 2012-12-07T17:45:57.497 回答
0

I found the solution to be a little different to what I expected and I don't believe it's the correct answer to my question still. Thank you for your answers I'm sure they are are both correct but they didn't work for one reason or another :S. I would have used those methods myself anyway. I used this source code in the end:

//I used $resulte in case of redeclaration.
if($qu->fetch() && $resulte === 1){
    $this->_constructSessions($username);
}
else {
    //no access
}

I don't why but when using if($result === 1) the operation would always return false. So I presumed it was returning an string instead. But if you use if($result == 1 && $qu->fetch()) the operation would return false again.

my whole code:

$qu = $this->DBH->prepare("SELECT COUNT(*) FROM CVUSERS WHERE username= ? AND password = ? ");
$qu->bind_param('ss',$username,$password);
$qu->execute();
$qu->bind_result($resulte);     
if($qu->fetch() && $resulte === 1){
    $this->_constructSessions($username);
}
else {
    return array('error'=>true , 'content'=>'<div id="overlay"></div><div id="fail"><h1>Failed login</h1><p><a href="" id="newLogin">Click Here.</a> To request a new login</p><p><a href="" id="try">Or try again?</a></p></div>');
    sleep(1);
}

I'm still unsure why this operation works for this query and other don't. If any one can spot anything let me know.

于 2012-12-10T15:24:01.497 回答
0

尝试如下

if (($res = $qu->get_result())) {
    //so your query is right
    //now check how many rows return from your query
    if($res->num_rows > 0){
       //username and password exist so logged in
    }
    else { 
       //something wrong
    }
}
于 2012-12-07T17:55:00.510 回答