我正在尝试建立一个基本的登录系统。用户输入用户名+密码,然后发布并在以下代码中使用:
if(isset($_POST['submit'])) {
$sql = "SELECT username, password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if(!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$username = $_POST['username'];
$password = $_POST['password'];
var_dump($username);
var_dump($password);
$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if(!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($returned_username, $returned_password);
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
如果我输入正确的用户名和密码,一切正常,并且正确登录。当我使用错误的密码或不在数据库中的用户名输入错误信息时,问题就开始出现了。 “不正确的用户名或密码”行根本没有用过。
我是使用预准备语句的新手,但到目前为止我对它的理解是,一旦我绑定结果,我只能使用fetch在while循环中访问它们。但是,如果没有找到结果,那么该循环将永远不会运行,因此我无法测试查询是否找到任何结果。我可能在这里遗漏了一些明显的东西,但我整个上午一直试图解决这个问题,这让我感到疯狂。
答案 0 :(得分:1)
我建议你,像这样使用它:
if (isset($_POST['submit'])) {
//Checking, is a user exists with these credentials?
$sql = "SELECT COUNT(*) AS cnt FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if (!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$bind_result = $stmt->bind_param("ss", $_POST['username'], $_POST['password']);
if (!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if (!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($cnt);
$stmt->fetch();
if ($cnt > 0) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
答案 1 :(得分:0)
如果你得到任何结果测试怎么样,如果你没有抛出错误:
if($stmt->fetch())
{
do {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
} while($stmt->fetch());
}
else
{
echo "Incorrect username or password";
}
答案 2 :(得分:0)
您遇到的问题基于代码中实现的逻辑。如果没有用户从数据库中检索,那么检查正确用户名和密码的代码永远不会运行,只需更改代码中的几行就可以解决这个问题,试试这个:
//this is your code at the moment
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
//replace that for this
while($stmt->fetch()) {
var_dump($returned_username);
var_dump($returned_password);
}
if($username === $returned_username && $password === $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
希望能帮助您解决问题,快乐编码。