这是为了帮助我理解查询所发生的事情。mysqli查询和会话
它应该告诉我什么值被查询并打印出来。
由于某些原因,它不会拉用户标识,而是说0或null。
它打印:
string(0) "" NULL string(11) "pwdhere" The userid is 0 and the password is pwdhere----oooo set as oooo----6179cbcdc21dd1b3c478e7e2226e0432
如果该会议是这32个字符或用户名/用户名?
为什么不拉动userid?
为什么密码错误时它会工作?
谢谢!!!
<?php
//Store the login in the session:
session_start();
?>
<?php
include ("connectionlinkhere.php");
//connection errors if any...
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
//GETTING DATA FROM FORM
$userid = htmlentities($_POST['userid'], ENT_QUOTES);
$password = htmlentities($_POST['password'], ENT_QUOTES);
//create a prepared statement
if ($stmt = $mysqli->prepare("SELECT userid, username, password FROM admins WHERE userid=? and password=?"))
{
// bind parameters-define them...the -iss- is for integer, string, string
$stmt->bind_param("iss", $userid, $username, $password);
//execute...
$stmt->execute();
// bind result variables
$stmt->bind_result($userid, $username, $password);
//fetch value
$stmt->fetch();
//to see what the database query is actually pulling
var_dump($userid, $username, $password);
//tell it to format the query results and then print the sentence
$format = 'The userid is %d and the password is %s';
echo sprintf($format, $userid, $password);
//set session
$_SESSION['userid'] = $_POST['username'];
//just to break up the line
echo "----oooo set as oooo----" ;
//this is the 32 digit session value, although assigned as userid or username
echo session_id();
/* close statement */
$stmt->close();
}
// redirect the user
//header("Location: index.php");
else
{
echo "what are you doing...";
}
/* close connection */
$mysqli->close();
?>
请不要将密码存储为痛苦文字。 – 2013-11-21 03:04:55
当我开始生活时,我不会但想确保散列不是问题,因为我开发此页面。虽然 – user3000619
感谢我不能upvote @ Dagon的评论足够。你使用'bind_param'作为三个条目,但在语句中只有两个'?'? –