0

我是他们尝试使用mysqli :: bind_param不成功。在下面的代码中,该函数在页面上使用和login ( )调用。尽管所有的努力和指南和论坛已阅读,继续返回相同的错误。usernamepasswordlogin.php

我都试过了

bind_param ( 's' , $ variable )

这与

bind_param ( 1 , $ variable )

这与

bind_param ( 'ss' , $ variable1 , $ variable2 )

我试过不带''的查询

"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"

我哪里错了?

public function login($_username, $_password) {
    $this->sessionOpen ();

     if ($_username == "") {
        $this->log->error ( "Username vuoto" );
        throw new AuthLoginFailed ();
    }
    if ($_password == "") {
        $this->log->error ( "Password vuota" );
        throw new AuthLoginFailed ();
    }

    $db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
    if (mysqli_connect_errno ()) {
        $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
        throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
    }

    $stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    echo md5 ( $_username ) . "---" . md5 ( $_password );
    //on page username and password is showed at this point
    $user=trim(md5 ( $_username ));
    $pass=trim(md5 ( $_password ));
    $stmt->bind_param ( 1,  $user);
    $stmt->bind_param ( 2,  $pass);
    /* Execute it */
    $stmt->execute ();
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
    }


    $stmt->fetch($rst);

    echo "results: " . $rst->num_rows; //output of this: results:

    if ($rst->num_rows == 0) {
        throw new AuthLoginFailed ();
    }



    /* Close statement */
    $stmt->close ();

    /* Close connection */
    $db->close ();
}

apache日志中的错误是

[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning:  mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php

非常感谢大家

4

1 回答 1

1

修改为:

$stmt->bind_param ("ss", $user, $pass); 因为在 bind_param() 中没有定义 1 种数据类型。bind_param() 将采用两个参数,第一个是类型 (i, d, s, b),在您的查询中对应数据类型(?),第二个参数是值。

建议是:

  1. 不要与 == 比较空字符串,因为如果用户输入的 3 个空格将不相等。使用 empty() 检查是否为空字符串。

  2. 不要调用不必要的方法,它没有任何意义,例如:在您的代码中调用trim()after md5()md5()不会返回任何空白字符。所以打电话trim(md5($username))的意义不大。

尝试用我的代码替换您的代码,希望您的问题得到解决。

public function login($_username, $_password) {
$this->sessionOpen ();

 if (empty($_username)) {
    $this->log->error ( "Username vuoto" );
    throw new AuthLoginFailed ();
}
if (empty($_password)) {
    $this->log->error ( "Password vuota" );
    throw new AuthLoginFailed ();
}

$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
    $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
    throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}

$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss",  $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
    $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
    throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}


$stmt->fetch($rst);

echo "results: " . $rst->num_rows; //output of this: results:

if ($rst->num_rows == 0) {
    throw new AuthLoginFailed ();
}



/* Close statement */
$stmt->close ();

/* Close connection */
$db->close ();
}

一旦你的问题得到解决,请告诉我。

于 2015-10-24T07:57:00.727 回答