1. 首页
  2. 问答
  3. 参数化查询不会将值传递给$ row数组

参数化查询不会将值传递给$ row数组

2014-09-02 76 views
0

这里是第一次海报。我有一个php登录脚本,但我的SQL查询不会将任何值传递给我的$ row数组。

<?php 

require 'functions/security.php'; 
require('db/connection.php'); 

session_start(); 
if(isset($_POST['username'])) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 

    if($results = $db->query("SELECT userID, username, password 
           FROM users 
           WHERE username = ?")){ 
     if($results->num_rows) { 
      $results->bind_param('s', $username); 
       $results->execute(); 
        while($row = $results->fetch_row()) { 
         $userID = $row[0]; 
         $dbUsername = $row[1]; 
         $dbPassword = $row[2]; 
        } 
        $results->free(); 
     } 
    } 


    if($username == $dbUsername && password_verify($password, $dbPassword)) { 
        $_SESSION['username'] = $username; 
        $_SESSION['userID'] = $userID; 
        header('Location: index.php'); 
    } else { 
     echo "<h2>Oops!</h2>"; 
    } 
} 
?>

我一直在寻找关于bind_param的文档一段时间;我对PHP很陌生,所以很可能我错过了一些愚蠢的东西,但是我不能为了我的生活而弄清楚什么。

编辑 好的哎呀,我没有取得结果。解决了这个问题。谢谢! 

<?php 
    require('db/connection.php'); 
    session_start(); 
    //if(isset($_POST['username'])) { 
     $username = "MYUSERNAMEFORTESTINGPURPOSES"; 
     $password = "MYPASSWORDFORTESTINGPURPOSES"; 


     $stmt=$db->stmt_init(); 
     $stmt->prepare("  SELECT userID, username, password 
           FROM users 
           WHERE username = ?"); 
        $stmt->bind_param('s', $username); 
        $stmt->execute(); 
        $stmt->bind_result($userID, $dbUsername, $dbPassword); 
        //WOOPS WASNT FETCHING RESULT 
        while ($stmt->fetch()) { 
         printf("%s %s %s", $userID, $dbUsername, $dbPassword); 
        } 

     if($username == $dbUsername && password_verify($password, $dbPassword)) { 
         $_SESSION['username'] = $username; 
         $_SESSION['userID'] = $userID; 
         header('Location: index.php'); 
     } else { 
      echo "<h2>Oops!</h2>"; 
     } 
    //} 
    ?>

来源

2014-09-02 austin43

+0

您使用哪种SQL和工具?你能否添加这些信息? – 2014-09-02 05:29:35

回答

1

You don't queryexecute在一起。你的情况这query应该是prepare

db->query("SELECT userID, username, password FROM users WHERE username = ?");

应该

$stmt = $db->stmt_init(); 
$stmt->prepare("SELECT userID, username, password FROM users WHERE username = ?");

Manual

来源

2014-09-02 03:56:26

+0

感谢您的评论。我给了我最好的一击,并实施了你的建议,但它仍然不会将结果绑定到我请求的字符串。我将在OP中发布编辑。 – austin43 2014-09-02 05:11:58

0

stmt是将对象从当你prepare()使用该连接返回的查询。

$conn= $db->stmt_init(); 
$stmt= $conn->prepare("SELECT userID, username, password 
         FROM users 
         WHERE username = ?"); 
$stmt->bind_param('s', $username); 
$stmt->execute(); 
$stmt->bind_result($userID, $dbUsername, $dbPassword); 

if($stmt->fetch()) {//notice you dont need a loop for single row 
    printf("%s %s %s", $userID, $dbUsername, $dbPassword); 
} 
...

来源

2014-09-02 05:32:25 meda

+0

'$ db'和'$ conn'不匹配 – 2014-09-02 06:55:31

相关问题

 相关问题