1. 首頁
  2. 問答
  3. 在mysqli程序和準備語句之間卡住

在mysqli程序和準備語句之間卡住

2016-08-07 22 views
0

我說我的項目使用php mysqli程序,然後我決定準備並綁定數據。正在創建一個基於角色的用戶系統。以下是我在@ chris85幫助下的註冊碼。在mysqli程序和準備語句之間卡住

<?php 

    session_start(); 
    if(is_file('include/connection.php')) 
    include_once('include/connection.php'); 
    else 
    exit('Database FILES MISSING:('); 


    if(isset($_POST['submit'])) { 
     $errors = array(); 
     $data = array(); 
     $name = $_POST['name']; 
     $last_name = $_POST['last_name']; 
     $user_name = $_POST['user_name']; 
     $user_type = $_POST['user_type']; 
     $email = $_POST['email']; 
     $password = $_POST['password']; 
     $confirm_password = $_POST['confirm_password']; 
     $created_at = $_POST['created_at']; 
     $password_hash = password_hash($password, PASSWORD_DEFAULT);  

     $created_at = date('Y-m-d'); 
     if(!($stmt = $mysqli->prepare("INSERT INTO user (name, last_name, user_name, user_type, email, password, created_at) 
      VALUES (?,?,?,?,?,?,?)"))){ 
      echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error; 
     } 

     if(!$stmt->bind_param('sssssss', $name, $last_name, $user_name, $user_type, $email, $password_hash, $created_at)){ 
     echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error; 
     } 

     if(!$stmt->execute()){ 
     echo "Execute failed: (" . $stmt->errno .")" . $stmt->error; 
     } 

     if($stmt) { 
      $_SESSION['main_notice'] = "Successfully registered, login here!"; 
      header('Location: index.php'); 

     } 
     else{ 
      echo "Registration failed"; 
     } 

    } 

    $mysqli->close(); 

    ?> 
       <?php 

      //check for any errors 
    //    if(isset($error)){ 
    //     foreach($error as $error){ 
    //      echo '<p style="color: red">'.$error.'</p>'; 
    //     } 
    //    } 
       ?> 

     <form name="register" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" onsubmit="return check()"> 
     <table> 
     <tr> 
      <td>Name</td> 
      <td><input type="text" name="name" value='<?php echo ($name) ?>'></td> 
     </tr> 
     <tr> 
      <td>Last Name</td> 
      <td><input type="text" name="last_name" value='<?php echo ($last_name) ?>'></td> 
     </tr> 
     <tr> 
      <td>User Name</td> 
      <td><input type="text" name="user_name" value='<?php echo ($user_name) ?>'></td> 
     </tr> 
     <tr> 
      <td>User Type</td> 
      <td> 
      <select name="user_type" required> 
      <option value="member">Member</option> 
      <option value="leader">Leader</option> 
      </select> 
      </td> 
     </tr> 

     <tr> 
      <td>Email</td> 
      <td><input type="email" name="email" value='<?php echo ($email) ?>'></td> 
     </tr> 
     <tr> 
      <td>Password:</td> 
      <td><input type="password" name="password" id="password"></td> 
     </tr> 
     <tr> 
      <td>Confirm Password:</td> 
      <td><input type="password" name="confirm_password" id="confirm_password"></td> 
     </tr> 
     <tr> 
      <td></td> 
      <td><input type="submit" name="submit" value="Register"></td> 
      <td><a href='index.php'>Login</a></td> 
     </tr> 
     </table> 
     </form> 
    </div> 
    <script> 
    // function check(){ 
    // if(document.getElementById('password').value != document.getElementById('confirm_password').value){ 
    //  alert('password not match'); 
    //  return false; 
    // }else{ 
    //  return true; 
    // } 
    // } 
    </script> 
    <?php 
    if(is_file('include/footer.php')) 
    include_once('include/footer.php'); 
    ?>

所以,現在我試圖做同樣的我的登錄系統inluding stmt和綁定。有更善良的人如何執行角色的一部分。以下是我的登錄代碼。

<?php 
    session_start(); 
    if(isset($_SESSION['user_type']) && isset($_SESSION['user_id'])) 
    { 
     header('Location: profile.php'); 
    } 

    session_start(); 
    if(is_file('include/connection.php')) 
     include_once('include/connection.php'); 
    else 
     exit('Database FILES MISSING:('); 

    $username = $_POST['username']; 
    $password = $_POST['password']; 

    if(isset($_POST['submit'])){ 


     if(!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = '$name' AND password = '$password' AND user_type = '$user_type'"))){ 
      echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error; 
     } 

     if(!$stmt->bind_param('sss', $username, $password, $user_type)){ 
      echo "Bind failed: (" . $stmt->errno . ")" . $stmt->error; 
     } 

     if(mysqli_num_rows($result)){ 

      $row = mysqli_fetch_array($result);    
      $_SESSION['user_id'] = $row['id']; 
      $_SESSION['user_name'] = strtoupper($row['name']); 
      $user_type = strtolower($row['user_type']); 
      if(strtolower($user_type) == 'member'){ 

       $_SESSION['user_type'] = 'member'; 
       //header('Location: member-dashboard-home.php'); 
       header('Location: profile.php'); 

      }elseif(strtolower($user_type) == 'admin' || strtolower($user_type) == 'leader'){ 

       $_SESSION['user_type'] = strtolower($user_type);           
       //header('Location: admin-dashboard-home.php'); 
       header('Location: profile.php'); 
      } 


     }else{ 
      $_SESSION['main_notice'] = "Invalid login details!"; 
      header('Location: '.$_SERVER['PHP_SELF']);exit(); 
     } 
    } 
} 

$stmt->bind_result($username, $password); 
$stmt->store_result(); 

if(password_verify($password, $row['password'])){ 

    $_SESSION['user'] = $_POST['username']; 
    header('Location: restricted.php'); 
    exit(); 
} else{ 
    echo "Login Failed: (" . $stmt->errno .")" . $stmt->error; 
} 
$stmt->close(); 

} 

$mysqli->close(); 

$_SESSION['main_title'] = "Login"; 
?>

道歉,如果我的代碼無處不在。如果可能,請編輯我的代碼或只是解釋過程中或錯誤。

在此先感謝。

來源

2016-08-07 Olamilekan Oshodi

+0

SO是**不是免費的編碼或代碼轉換或調試或教程或圖書館查找服務** 你還必須證明你已經取得了一些努力來解決你自己的問題。 – RiggsFolly

+0

嗨,你可以看到在我發佈之前正在編寫這個代碼......不像我問你爲我創建一個項目。 –

+0

@ chris85做的第一部分,現在你想要別人做下一部分。看起來你依賴於我們中的一個人爲你寫大部分內容! – RiggsFolly

回答

2

你有這樣的代碼:

if (!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = '$name' AND password = '$password' AND user_type = '$user_type'"))) 
{ 
    echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error; 
}

但你需要使用問號prepare而不是使用具體的變量名準備語句。

所以代碼可能是這樣的:

if (!($stmt = $mysqli->prepare("SELECT * FROM user WHERE user_name = ? AND password = ? AND user_type = ?"))) 
{ 
    echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error; 
}

而且你需要bind_param之前定義的變量$user_type

bind_param後,您需要通過$stmt->execute();

執行查詢更多是必要的,當你使用查詢像SELECT *

$stmt->bind_result($column_1, ..., $column_n);

在一般從與變量user表中的每一列綁定,看起來更加詳細關於mysqli的準備陳述here

最後,我注意到你的代碼中有一些語法錯誤。你有兩個右括號。

}else{ 
    $_SESSION['main_notice'] = "Invalid login details!"; 
    header('Location: '.$_SERVER['PHP_SELF']); 
    exit(); 
} 
} 
} <= Delete this bracket 


else{ 
    echo "Login Failed: (" . $stmt->errno .")" . $stmt->error; 
} 
$stmt->close(); 

} <= Delete this bracket

來源

2016-08-07 22:19:54

+0

哦,是的...很好,我會記下這一點。謝謝。 –

+0

如果我修改代碼,其餘的登錄代碼看起來如何...我一直在想我仍然包括或刪除的東西。 –

+0

對不起,延遲迴復...我正在尋找這個權利。真的很感謝你的意見。謝謝。 –

相關問題

 相關問題