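mysqli prepared statement in login form not working?

Time: 2014-04-13 11:19:46

Tags: php mysqli

I am trying to secure my login form using mysqli prepared statements.

I am using the following code, and I keep getting the "wrong information entered" error!

Here is my code: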

    if (isset($_POST["email"]) && isset($_POST["password"])) {
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];

        // Connect to the MySQL database
        include "config/connect.php";

        $stmt = mysqli_prepare(
            $db_conx,
            "SELECT  email, password, storeShop
             FROM storename
             WHERE email = ?
               AND password = ?
               AND storeShop = ?"
        );
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];
        //after validation, of course
        mysqli_stmt_bind_param($stmt, "sss", $manager, $password, $stores);
        mysqli_stmt_execute($stmt);
        if (mysqli_affected_rows($db_conx))
        {
            mysqli_stmt_close($stmt);//<-- CLEAN UP AFTER YOURSELF!
            //update was successful
            $id = mysqli_insert_id($db_conx);
        }

        $existCount = mysqli_num_rows($query); // count the row nums
        if ($existCount == 1) { // evaluate the count
            while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
                $storeShop = $row["storeShop"];
            }
            $_SESSION["storeShop"] = $storeShop;
            $_SESSION["manager"] = $manager;
            $_SESSION["password"] = $password;
            $_SESSION['storeShop'] = $storeShop;
            header("location: dashboard");
            exit();
        } else {
            echo "wrong information entered";
            exit();
        }
    }

But when I use this code, it works fine:

    $sql = "SELECT * FROM storename WHERE email='$manager' AND password='$password' AND storeShop='$stores'";
    $query = mysqli_query($db_conx, $sql);

Could someone please tell me what I am doing wrong?

Thanks in advance.

Edit: this still doesn't work.

    if (isset($_POST["email"]) && isset($_POST["password"])) {
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];

        // Connect to the MySQL database
        include "config/connect.php";

        $stmt = mysqli_prepare(
            $db_conx,
            "SELECT  email, password, storeShop
             FROM members
             WHERE email = ?
               AND password = ?
               AND storeShop = ?"
        );
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];
        //after validation, of course
        mysqli_stmt_bind_param($stmt, "sss", $manager, $password, $stores);
        mysqli_stmt_execute($stmt);
        if (mysqli_affected_rows($db_conx))
        {
            $existCount = mysqli_stmt_affected_rows($stmt);
            mysqli_stmt_execute($stmt); // count the row nums
            if ($existCount == 1) { // evaluate the count
                while($row = mysqli_fetch_array($stmt, MYSQLI_ASSOC)){
                    $storeShop = $row["storeShop"];
                }
                $_SESSION["storeShop"] = $storeShop;
                $_SESSION["manager"] = $manager;
                $_SESSION["password"] = $password;
                $_SESSION['storeShop'] = $storeShop;
                header("location: dashboard");
                mysqli_stmt_close($stmt);
                exit();
            } else {
                header("Location: data");
                exit();
            }
            //<-- CLEAN UP AFTER YOURSELF!
            //update was successful
        }
    }

Second edit:

    if (isset($_POST["email"]) && isset($_POST["password"])) {
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];

        // Connect to the MySQL database
        include "config/connect.php";

        $stmt = mysqli_prepare(
            $db_conx,
            "SELECT  email, password, storeShop
             FROM members
             WHERE email = ?
               AND password = ?
               AND storeShop = ?"
        );
        $manager = $_POST["email"];
        $password = sha1(sha1($_POST['password']).$_POST['password']);
        $stores = $_POST["stores"];
        //after validation, of course
        mysqli_stmt_bind_param($stmt, "sss", $manager, $password, $stores);
        mysqli_stmt_execute($stmt);
        if (mysqli_affected_rows($db_conx))
        {
            $existCount = mysqli_stmt_affected_rows($stmt); // count the row nums
            if ($existCount == 1) { // evaluate the count
                if (mysqli_stmt_affected_rows($stmt))
                {
                    while($row = mysqli_fetch_array($stmt, MYSQLI_ASSOC)){
                        $storeShop = $row["storeShop"];
                    }
                    $_SESSION["storeShop"] = $storeShop;
                    $_SESSION["manager"] = $manager;
                    $_SESSION["password"] = $password;
                    $_SESSION['storeShop'] = $storeShop;
                    header("location: dashboard");
                    mysqli_stmt_close($stmt);
                    exit();
                } else {
                    header("Location: data");
                    exit();
                }
            }
            //<-- CLEAN UP AFTER YOURSELF!
            //update was successful
        }
    }

2 answers:

Answer 0: (score: 0)

This works for me:

    $stmt = $db_conx->prepare("SELECT  email, password, storeShop
         FROM storename
         WHERE email = ?
           AND password = ?
           AND storeShop = ?");
    $stmt->bind_param('sss', $manager, $password, $stores);
    $stmt->execute();
    // Bind the three selected columns; storeShop goes into $storeShop,
    // which is the variable the session code below reads.
    $stmt->bind_result($manager, $password, $storeShop);
    $stmt->store_result(); // buffer the rows so num_rows is valid
    if ($stmt->num_rows == 1)  //To check if the row exists
    {
        while ($stmt->fetch()) //fetching the contents of the row
        {
            $_SESSION["storeShop"] = $storeShop;
            $_SESSION["manager"] = $manager;
            $_SESSION["password"] = $password;
            $_SESSION['storeShop'] = $storeShop;
            header("location: dashboard");
            exit();
        }
    }
    else {
        header("Location: data");
        exit();
    }
    $stmt->close();

Answer 1: (score: -1)

You need to update this;

    $existCount = mysqli_num_rows($query);

to

    $existCount = mysqli_stmt_affected_rows($stmt);

See here for details.

Edit

In your code it should be;

    if (mysqli_stmt_affected_rows($stmt))
    {
        while($row = mysqli_fetch_array($stmt, MYSQLI_ASSOC)){
            $storeShop = $row["storeShop"];
        }
        $_SESSION["storeShop"] = $storeShop;
        $_SESSION["manager"] = $manager;
        $_SESSION["password"] = $password;
        $_SESSION['storeShop'] = $storeShop;
        header("location: dashboard");
        mysqli_stmt_close($stmt);
        exit();
    } else {
        header("Location: data");
        exit();
    }
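
Added example (not part of the original thread, and not any poster's code): the same login lookup written with the procedural mysqli API, where the row count comes from `mysqli_stmt_store_result()` followed by `mysqli_stmt_num_rows()`, because `mysqli_affected_rows()` is meant for INSERT/UPDATE/DELETE and `mysqli_fetch_array()` expects a result object rather than a statement. The function name `find_store_for_login` is hypothetical, and the block assumes the `password` column holds `password_hash()` output instead of the thread's SHA-1 scheme, so the secret is verified in PHP rather than matched in the WHERE clause.

```php
<?php
// Added example, not code from the thread. Assumes the question's `storename`
// table and that its `password` column stores password_hash() output.

/**
 * Returns the matching row's storeShop on success, or null on any failure.
 * (Hypothetical helper name; $db_conx is the connection from the question.)
 */
function find_store_for_login(mysqli $db_conx, string $email, string $password, string $store): ?string
{
    $stmt = mysqli_prepare(
        $db_conx,
        "SELECT password, storeShop
           FROM storename
          WHERE email = ?
            AND storeShop = ?"
    );
    if ($stmt === false) {
        return null; // prepare failed, e.g. wrong table or column name
    }

    mysqli_stmt_bind_param($stmt, "ss", $email, $store);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }

    // Buffer the result set; mysqli_stmt_num_rows() is only meaningful after this.
    mysqli_stmt_store_result($stmt);

    $matched = null;
    if (mysqli_stmt_num_rows($stmt) === 1) {
        mysqli_stmt_bind_result($stmt, $storedHash, $storeShop);
        mysqli_stmt_fetch($stmt);
        // Compare the submitted password against the stored hash in PHP.
        if (password_verify($password, $storedHash)) {
            $matched = $storeShop;
        }
    }

    mysqli_stmt_close($stmt); // runs on every path, unlike a close() placed after exit()
    return $matched;
}

// Caller sketch mirroring the question's flow (session keys are the question's own):
// $storeShop = find_store_for_login($db_conx, $_POST["email"], $_POST["password"], $_POST["stores"]);
// if ($storeShop !== null) { session_regenerate_id(true); $_SESSION["storeShop"] = $storeShop; }
```

The caller stores only the store and manager identifiers in the session; the password hash has no reason to be kept there.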