2

我正在学习使用一些基于 mysqli 的视频教程制作网站。我开始知道使用准备好的语句更安全,我正在尝试创建一个登录系统。这是我到目前为止所做的。

这段代码帮助我完全登录成功。

<form action ="" method="post">

User Name:<br/>
<input type='text' name='username' />
<br/><br/>
Password:<br/>
<input type='password' name='password' />
<br/><br/>
<input type='submit' name='submit' value='login'>
</form>
<?php

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND  password=? LIMIT 1");
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($username, $password);
    $stmt->store_result();
    if($stmt->num_rows == 1)  //To check if the row exists
        {
            while($stmt->fetch()) //fetching the contents of the row

              {$_SESSION['Logged'] = 1;
               $_SESSION['username'] = $username;
               echo 'Success!';
               exit();
               }
        }
        else {
            echo "INVALID USERNAME/PASSWORD Combination!";
        }
        $stmt->close();
    }
    else 
    {   

    }
    $con->close();
?>

但我还需要检查用户是否未激活或已被禁止或停用。所以我又做了一个代码。

这是我制作的代码

<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND    password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->num_rows == 1)  //To check if the row exists
  {
 $result=$con->query($stmt);
            $row=$result->fetch_array(MYSQLI_ASSOC);
            $user_id= $row['user_id'];
            $status = $row['status'];
            if($status=='d'){
                echo "YOUR account has been DEACTIVATED.";
            }else{
                $_SESSION['Logged'] = 1;
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                echo 'Success!';
               exit();
            }
        }
        else {
            echo "INVALID USERNAME/PASSWORD Combination!";
        }
        $stmt->free_result();
        $stmt->close();
        
    }
    else 
    {   

    }
 $con->close();
 ?>

当我使用它时,我收到以下错误

警告:mysqli::query() 期望参数 1 是字符串,对象在第 33 行的 F:\XAMPP\htdocs\login\login.php 中给出

致命错误:在第 34 行对 F:\XAMPP\htdocs\login\login.php 中的非对象调用成员函数 fetch_array()

我有数据库表列

user_id、用户名、密码 (md5)、user_level、状态。

在 user_level 我有以下

a = admin
m = member

处于状态

a = activated
n = not activated
d = deactivated
b = banned

在登录时,我需要检查用户状态,如果它被激活,它应该移动到索引页面,或者如果它是 d,它应该显示用户已被停用,其他人也是如此。

如何在准备好的语句中做到这一点?

我在所有页面中都有这个 connect.php

?php
//error_reporting(0);
'session_start';
$con = new mysqli('localhost', 'username', 'password', 'database');
if($con->connect_errno > 0){
die('Sorry, We\'re experiencing some connection problems.');
}
?>
4

1 回答 1

10

我认为你需要看看 mysqli_ 是如何工作的。这应该让你朝着正确的方向前进。

if(isset($_POST['submit'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $user_id = 0;
    $status = ""

    $stmt = $con->prepare("SELECT user_id, username, password, status FROM users WHERE username=? AND password=? LIMIT 1");
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($user_id, $username, $password, $status);
    $stmt->store_result();
    if($stmt->num_rows == 1)  //To check if the row exists
        {
            if($stmt->fetch()) //fetching the contents of the row
            {
               if ($status == 'd') {
                   echo "YOUR account has been DEACTIVATED.";
                   exit();
               } else {
                   $_SESSION['Logged'] = 1;
                   $_SESSION['user_id'] = $user_id;
                   $_SESSION['username'] = $username;
                   echo 'Success!';
                   exit();
               }
           }

    }
    else {
        echo "INVALID USERNAME/PASSWORD Combination!";
    }
    $stmt->close();
}
else 
{   

}
$con->close();
于 2013-07-03T16:13:35.873 回答