0

有人可以解释为什么这会给我一个 500 内部服务器错误吗?我尝试添加一些 sql 注入保护,但我不确定我做错了什么。我应该以面向对象的方式而不是程序方式来做这件事吗?

<?php
$conn = mysqli_connect($host, $user, $pwd)or die("Error connecting to database.");
mysqli_select_db($conn, $db) or die("Couldn't select the database."); 
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = mysqli_stmt_init($conn);
$query = "SELECT * FROM Users WHERE email=? AND password=?";
mysqli_stmt_prepare($stmt, $query) or die("Failed to prepare statement.");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$count = mysqli_num_rows($result);

if($count == 1){
    //Log in successful 
}
else {
    //Wrong Username or Password        
}
mysqli_close($conn);
?>
4

1 回答 1

0

mysqli_stmt_get_result在 PHP 5.3 中可用,但我正在运行 5.1。此外,必须安装 mysqlnd 驱动程序才能使此调用正常工作。

有关更多信息,请参阅调用未定义方法 mysqli_stmt::get_result

于 2013-06-03T17:48:33.960 回答