php:如何使用准备好的语句从sql获取用户名或电子邮件
下面的代码用于用户输入用户名或电子邮件 如果我按如下方式使用代码,$resultCheck似乎返回空,因此给出了一个错误。变量$userName应该传递用户在相应输入字段中输入的任何内容,但使用以下代码,它似乎不会传递任何内容到查询:php:如何使用准备好的语句从sql获取用户名或电子邮件,php,mysql,prepared-statement,Php,Mysql,Prepared Statement,下面的代码用于用户输入用户名或电子邮件 如果我按如下方式使用代码,$resultCheck似乎返回空,因此给出了一个错误。变量$userName应该传递用户在相应输入字段中输入的任何内容,但使用以下代码,它似乎不会传递任何内容到查询: $userName=mysqli\u real\u escape\u字符串($conn,$\u POST['userName']); $userPassword=mysqli\u real\u escape\u字符串($conn,$\u POST['userPas
$userName=mysqli\u real\u escape\u字符串($conn,$\u POST['userName']);
$userPassword=mysqli\u real\u escape\u字符串($conn,$\u POST['userPassword']);
if(空($userName)| |空($userPassword)){
标题(“位置:../signup.php?login=error”);
退出();
}否则{
//创建模板
$sql=“从user_name=?或user_email=?;”的用户中选择*;
//创建准备好的语句
$stmt=mysqli\u stmt\u init($conn);
//准备陈述
如果(!mysqli_stmt_prepare($stmt,$sql)){
回显“SQL失败”;
}否则{
//将参数绑定到占位符
mysqli_stmt_bind_param($stmt,“s”,$userName);
//运行参数
mysqli_stmt_execute($stmt);
$result=mysqli\u stmt\u get\u result($stmt);
$resultCheck=mysqli_num_行($result);
echo$resultCheck;
如果($resultCheck<1){
标题(“位置:../signup.php?login=error”);
退出();
}否则{
如果($row=mysqli\u fetch\u assoc($result)){
$pwVeryfied=password\u verify($userPassword,$row['user\u password']);
如果($pwVeryfied==true){
//在这里登录
$\会话['u\u id']=$row['user\u id'];
$\会话['u\u name']=$row['user\u name'];
$\会话['u\电子邮件']=$row['user\电子邮件'];
标题(“位置:../index.php?login=success”);
}否则{
标题(“位置:../signup.php?login=error”);
退出();
}
}
}
}
}
echo$resultCheck没有给出任何信息。如果我这样更改代码:
$sql = "SELECT * FROM users WHERE user_name = ?;"
echo$resultCheck
按预期给出值1
有人知道怎么解决这个问题吗 解决方案:
我得换衣服
mysqli_stmt_bind_param($stmt, "s", $userName);
进入
我的逻辑是,因为我只想检查电子邮件或用户名,所以我只需要绑定一个参数,但显然不是这样
所以我的代码现在看起来像这样:
$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}
$userName=mysqli\u real\u escape\u字符串($conn,$\u POST['userName']);
$userPassword=mysqli\u real\u escape\u字符串($conn,$\u POST['userPassword']);
if(空($userName)| |空($userPassword)){
标题(“位置:../signup.php?login=error”);
退出();
}否则{
//创建模板
$sql=“从user_name=?或user_email=?;”的用户中选择*;
//创建准备好的语句
$stmt=mysqli\u stmt\u init($conn);
//准备陈述
如果(!mysqli_stmt_prepare($stmt,$sql)){
回显“SQL失败”;
}否则{
//将参数绑定到占位符
mysqli_stmt_bind_param($stmt,“ss”,$userName,$userName);
//运行参数
mysqli_stmt_execute($stmt);
$result=mysqli\u stmt\u get\u result($stmt);
$resultCheck=mysqli_num_行($result);
echo$resultCheck;
如果($resultCheck<1){
标题(“位置:../signup.php?login=error”);
退出();
}否则{
如果($row=mysqli\u fetch\u assoc($result)){
$pwVeryfied=password\u verify($userPassword,$row['user\u password']);
如果($pwVeryfied==true){
//在这里登录
$\会话['u\u id']=$row['user\u id'];
$\会话['u\u name']=$row['user\u name'];
$\会话['u\电子邮件']=$row['user\电子邮件'];
标题(“位置:../index.php?login=success”);
}否则{
标题(“位置:../signup.php?login=error”);
退出();
}
}
}
}
}
您有两个?
但绑定一个。你确定你做得对吗?你只绑定了一个参数。如果您想在电子邮件字段中添加另一位?您还需要绑定另一个参数才能使用它。添加ini\u集('display\u errors',1);ini_集(“日志错误”,1);错误报告(E_全部);mysqli_报告(mysqli_报告错误| mysqli_报告严格)到脚本的顶部。这将强制任何mysqli\uuu
错误生成一个可以在浏览器上看到的异常,其他错误也会在浏览器上看到。我添加了异常生成命令,然后使用(“ss”、$userName、$userName)绑定了两个参数,这实际上解决了问题。我将把我的帖子编辑成工作版本。非常感谢。不,请不要将您的帖子编辑到工作版本。你的帖子是个问题。如果你有一个有效的版本,把它作为答案发布。这样,未来的人们就能看到问题和解决方案。这就是这个网站的全部要点。另外,你也可以“接受”你自己的答案,这是另一个好处。谢谢
$userName = mysqli_real_escape_string($conn, $_POST['username']);
$userPassword = mysqli_real_escape_string($conn, $_POST['userpassword']);
if (empty($userName) || empty ($userPassword)) {
header("Location: ../signup.php?login=error");
exit();
} else {
//Create a template
$sql = "SELECT * FROM users WHERE user_name = ? OR user_email=?;";
//Create a prepared statement
$stmt = mysqli_stmt_init($conn);
//prepare prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $userName, $userName);
//run params
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
echo $resultCheck;
if ($resultCheck < 1) {
header("Location: ../signup.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
$pwVeryfied = password_verify($userPassword, $row['user_password']);
if ($pwVeryfied == true){
//login here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_name'] = $row['user_name'];
$_SESSION['u_email'] = $row['user_email'];
header("Location: ../index.php?login=success");
} else {
header("Location: ../signup.php?login=error");
exit();
}
}
}
}
}