0

我正在尝试使用 . 将我当前的数据库从纯文本密码更新为哈希密码crypt()。我正在尝试这样做,而用户不必更改密码(这是一种不稳定的方法)我的代码是这样的:

$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
   while ($Query->fetch()){
      $Hashed = $FrameWork->Hash_Password($Password);
       $Secondary_Query = $Database->prepare("UPDATE userlist SET Password=?, Salt=? WHERE ID=?");
       $Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
       $Secondary_Query->execute();
       $Secondary_Query->close();
   }
$Query->close();

我收到错误:

致命错误:在第 24 行的 C:\inetpub\www\AdminChangeTextPass.php 中的非对象上调用成员函数 bind_param()

现在。我知道我的列名和我的数据库名 100% 匹配。我也知道我的变量设置正确。

调试

调试:

$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
   while ($Query->fetch()){
      echo $Password."<br>";
   }
$Query->close();
// Returns: 
//test
//test

Then: 
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
   while ($Query->fetch()){
      print_r($FrameWork->Hash_Password($Password));
   }
$Query->close();

/*
Returns: 
Array ( [Salt] => ÛûÂÒs8Q-h¸Ý>c"ÿò [Password] => Ûûj1QnM/Ui/16 )

Array ( [Salt] => ÛûÂÒs8Q-h¸Ý>c"ÿò [Password] => Ûûj1QnM/Ui/16 ) 

*/

数据库模式

CREATE TABLE IF NOT EXISTS `userlist` (
  `ID` int(255) NOT NULL AUTO_INCREMENT,
  `Username` varchar(255) NOT NULL,
  `Password` varchar(255) NOT NULL,
  `Salt` text NOT NULL,
  PRIMARY KEY (`ID`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;

--
-- Dumping data for table `userlist`
--

INSERT INTO `userlist` (`ID`, `Username`, `Password`, `Salt`) VALUES
(1, 'test', 'test', ''),
INSERT INTO `userlist` (`ID`, `Username`, `Password`, `Salt`) VALUES
(2, 'test', 'test', '');

让我的代码如下所示:

$Secondary_Query = $Database->prepare("UPDATE userlist SET Password=? WHERE ID=?");
$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist LIMIT 1");
    var_dump($Secondary_Query);
#$Query->execute();
#$Query->bind_result($ID,$Username,$Password);
#   while ($Query->fetch()){
#       $Hashed = $FrameWork->Hash_Password($Password);
#       $Secondary_Query = $Database->prepare("UPDATE userlist SET Password=? WHERE ID=?");
#             $Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
#       $Secondary_Query->execute();
      # $Secondary_Query->close();
#   }
#$Query->close();

var_dump($Secondary_Query);回报:

object(mysqli_stmt)#3 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(2)

["field_count"]=> int(0) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0) { } [" sqlstate"]=> 字符串(5) "00000" ["id"]=> int(1) }

var_dump($Query);返回:

object(mysqli_stmt)#4 (10) { ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]= > int(0) ["field_count"]=> int(3) ["errno"]=> int(0) ["error"]=> string(0) "" ["error_list"]=> array(0 ) { } ["sqlstate"]=> string(5) "00000" ["id"]=> int(2) }

由于我还不能提交答案。我的工作代码如下:

$Query = $Database->prepare("SELECT ID,Username,Password FROM userlist");
$Query->execute();
$Query->bind_result($ID,$Username,$Password);
$Query->store_result();
   while ($Query->fetch()){
       $Hashed = $FrameWork->Hash_Password($Password);
       $Secondary_Query = $Database->prepare("UPDATE userlist SET Password=?, Salt=? WHERE ID=?");
       $Secondary_Query->bind_param('ssi', $Hashed['Password'],$Hashed['Salt'],$ID);
       $Secondary_Query->execute();
       $Secondary_Query->close();
   }
$Query->close();
4

1 回答 1

1

编辑:启用更详细的错误报告是帮助调试问题的关键:mysqli_report(MYSQLI_REPORT_ALL)

以下答案来自此处发布的另一个 SO 问题。

您不能同时进行两个查询,因为 mysqli 默认使用无缓冲查询(对于准备好的语句;对于 vanilla 则相反mysql_query)。您可以将第一个获取到数组中并循环遍历,或者告诉 mysqli 缓冲查询(使用$Query->store_result())。

有关详细信息,请参见此处

于 2013-05-19T00:37:13.697 回答