Fatal编程技术网
  • php/
  • Php 参数化查询未将值传递给$row数组

Php 参数化查询未将值传递给$row数组

php

Php 参数化查询未将值传递给$row数组,php,mysqli,Php,Mysqli,第一次在这里张贴海报。我有一个php登录脚本,但我的SQL查询不会将任何值传递给我的$row数组 <?php require 'functions/security.php'; require('db/connection.php'); session_start(); if(isset($_POST['username'])) { $username = $_POST['username']; $password = $_POST['password'];

第一次在这里张贴海报。我有一个php登录脚本,但我的SQL查询不会将任何值传递给我的$row数组

<?php

require 'functions/security.php';
require('db/connection.php');

session_start();
if(isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($results = $db->query("SELECT userID, username, password 
                              FROM users
                              WHERE username = ?")){
        if($results->num_rows) {
            $results->bind_param('s', $username);
                $results->execute();
                    while($row = $results->fetch_row()) {
                        $userID = $row[0];
                        $dbUsername = $row[1];
                        $dbPassword = $row[2];
                    }
                    $results->free();
        }
    }


    if($username == $dbUsername && password_verify($password, $dbPassword)) {
                    $_SESSION['username'] = $username;
                    $_SESSION['userID'] = $userID;
                    header('Location: index.php');
    } else {
        echo "<h2>Oops!</h2>";
    }
}
?>
我已经看了bind_param的文档一段时间了;我对php非常陌生,所以很可能我遗漏了一些愚蠢的东西,但我一辈子都搞不清楚是什么

编辑 好吧,我没拿到结果。这就解决了这个问题。谢谢
您不能同时执行
查询。您案例中的
query
应该是
prepare


db->query("SELECT userID, username, password FROM users WHERE  username = ?");


应该是


$stmt =  $db->stmt_init();
$stmt->prepare("SELECT userID, username, password FROM users WHERE  username = ?");



stmt
是使用连接准备查询时返回的对象


$conn= $db->stmt_init();
$stmt= $conn->prepare("SELECT userID, username, password 
                      FROM users
                      WHERE username = ?"); 
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($userID, $dbUsername, $dbPassword);

if($stmt->fetch()) {//notice you dont need a loop for single row
   printf("%s %s %s", $userID, $dbUsername, $dbPassword);
}
...



谢谢你的评论。我尽了最大努力并实现了您的建议,但它仍然无法将结果绑定到我请求的字符串。我将在OP中发布编辑。您使用哪些SQL和工具?请添加此信息好吗?
$db
$conn
不匹配

$conn= $db->stmt_init();
$stmt= $conn->prepare("SELECT userID, username, password 
                      FROM users
                      WHERE username = ?"); 
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($userID, $dbUsername, $dbPassword);

if($stmt->fetch()) {//notice you dont need a loop for single row
   printf("%s %s %s", $userID, $dbUsername, $dbPassword);
}
...