-1

我正在尝试转换为 mysqli,正如预期的那样,我遇到了困难。

我创建了一个如下的登录脚本,它有效,我认为是正确的。(我知道需要对密码进行哈希处理,我只想先启动并运行它)

//  POST variables
$username = ($_POST['username']);
$password = ($_POST['password']);

//Input Validations
if($username == '') {
    $errmsg_arr[] = 'Username required';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password required';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: logon.php");
    exit();
}

//prepared statements

if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username='$username' AND password='$password'")) {
$stmt->execute();

/* bind variables to prepared statement */
$stmt->bind_result($user, $pass);

/* fetch values */
$stmt->fetch();
if ($user == $username && $pass == $password)
{
    printf("Welcome %s", $user);
}
else
{
    printf("Login failed");
}


/* close statement */
$stmt->close();
}
/* close connection */
$mysqli->close();

?>

如果登录通过,我想设置我的会话变量,以前使用 mysqll 我做了以下

$qry="SELECT * FROM auth WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        //Set session variables
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['ID'];
        $_SESSION['SESS_USERNAME'] = $member['username'];
        $_SESSION['SESS_FIRST_NAME'] = $member['fname'];
        $_SESSION['SESS_PASSWORD'] = $member['password'];
        $_SESSION['SESS_AUTH_LEVEL'] = $member['auth_level'];
        session_write_close();
        header("location: index");
        exit();
    }else {
        //Login failed
        $errmsg_arr[] = 'user name or password not found';
        $errflag = true;
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: logon.php");
            exit();

我认为我的问题是“$member = mysql_fetch_assoc($result);” 我如何在 mysqli 中执行此操作?由于我准备好的语句只绑定用户名和密码,之前我使用了 SELECT * FROM

谢谢

4

1 回答 1

1

您基本上需要使用函数$mysqli->query(string)$mysqli_result->num_rows()$mysqli_result->fetch_assoc()

您的代码可能如下所示:

$mysqli = new mysqli(...);

$qry = "SELECT * FROM auth WHERE username=? AND password=?";
$stmt = $mysqli->prepare($qry);
$stmt->bind_param('ss', $username, $password);

//Check whether the query was successful or not
if($stmt->execute()) {
    $result = $stmt->get_result();
    if($result->num_rows() > 0) {
        session_regenerate_id();
        $member = $result->fetch_assoc();
        $_SESSION['SESS_MEMBER_ID'] = $member['ID'];
        ...
    } else {
        ...
    }
}
...

此处与您的问题没有直接关系,但您可能希望通过替换这两行来正确使用准备好的语句:

if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username='$username' AND password='$password'")) {
    $stmt->execute();
    ...

用这些:

if ($stmt = $mysqli->prepare("SELECT username, password FROM auth WHERE username=? AND password=?")) {
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    ...
于 2013-06-05T09:05:56.377 回答