PHP準備查詢不起作用

Question

我一直在試圖準備一個查詢，然後將它發送到數據庫，但它沒有從數據庫中取出任何東西。它告訴我用戶/傳球組合不正確。 （當它是正確的），這意味着它有來自數據庫的0行。任何人都可以告訴我如何解決這個問題？

/* Create a prepared statement */ 
     $stmt = mysqli_stmt_init($con); 

     mysqli_stmt_prepare($stmt, "SELECT * FROM users WHERE username = ? AND userpass = ?"); 

     /* Bind parameters 
     s - string, b - blob, i - int, etc */ 
     mysqli_stmt_bind_param($stmt, "ss", $username, $userpass); 

     /* Execute it */ 
     mysqli_stmt_execute($stmt); 

     /* Bind results */ 
     mysqli_stmt_bind_result($stmt, $username, $userpass); 

     /* Fetch the value */ 
     mysqli_stmt_fetch($stmt); 

     /* close statement */ 
     mysqli_stmt_close($stmt); 


     /* $result = mysqli_query($con,"SELECT * FROM users 
      WHERE username = '$username' AND userpass = '$userpass'"); */ 


     if(!$stmt) 
     { 
      //something went wrong, display the error 
      echo '<ul class="ulstylecenter"> 
      <li>Something went wrong while signing in. Please try again later.</li> 
      <li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>.</li> 
      </ul>'; 
      header('Refresh: 5;url=/home.php'); 
      //echo mysqli_error(); //debugging purposes, uncomment when needed 
     } 
     else 
     { 
      //the query was successfully executed, there are 2 possibilities 
      //1. the query returned data, the user can be signed in 
      //2. the query returned an empty result set, the credentials were wrong 
      if(mysqli_num_rows($stmt) == 0) 
      { 
       echo '<ul class="ulstylecenter"> 
       <li>You have supplied a wrong user/password combination. Please try again.</li></ul>'; 
       echo '<form method="post" action=""> 
         <table> 
         <tr> 
         <th><label for="username" class="signinlabel">Username:</label></th> 
         <td><input type="text" name="username" value="'; 
         if(isset($username)){ echo $username; } 
         echo '" class="signininput"></td> 
         </tr> 

         <tr> 
         <th><label for="userpass" class="signinlabel">Password:</label></th> 
         <td><input type="password" name="userpass" class="signininput"></td> 
         </tr> 
         </table> 
         <ul class="forgotsignin"><li><a href="#">Forgot your username or password?</a></li></ul> 
         <input type="submit" value="Sign In" class="signinbutton" id="signinbuttonid"> 
       </form>'; 
      } 
      else 
      { 
      $_SESSION['signed_in'] = true; 

       //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages 
       while($row = mysqli_fetch_assoc($stmt)) 
       { 
        $_SESSION['user_id'] = $row['user_id']; 
        $_SESSION['username'] = $row['username']; 
        $_SESSION['useremail'] = $row['useremail']; 
        $_SESSION['userdate'] = $row['userdate']; 
       } 
       echo '<ul class="ulstylecenter"> 
        <li>Succesfully logged in.</li> 
        <li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>. 
        </li></ul>'; 
       header('Refresh: 5;url=/home.php'); 
      } 

Answer 1

很多在你的代碼缺陷。只有一些：

1. 您需要添加到mysqli_stmt_bind_result PARAMS變量將代表你的表users的所有列。例如，如果您有表中的字段：

   id username password email date 
   

   您的通話mysqli_stmt_bind_result應該是這樣的：

   mysqli_stmt_bind_result($stmt, $id, $username, $userpass, $email, $date); 
   

   因爲查詢包含SELECT *。

2. 請勿在mysqli_stmt_close($stmt);之後檢查if (!$stmt)。

3. 如果你已經有$username和$userpass值是沒有意義的，從再次數據庫中獲取它們...

我們強烈建議您仔細閱讀整個mysqli documendation。

我覺得你的代碼應該是這樣的（如果你喜歡的程序mysqli的風格）：

$stmt = mysqli_stmt_init($con); 

mysqli_stmt_prepare($stmt, "SELECT user_id, useremail, userdate FROM users WHERE username = ? AND userpass = ?"); 
mysqli_stmt_bind_param($stmt, "ss", $username, $userpass); 

mysqli_stmt_execute($stmt); 
mysqli_stmt_store_result($stmt); 

if (mysqli_stmt_errno($stmt)) { 
    //something went wrong, display the error 
    echo '<ul class="ulstylecenter"> 
      <li>Something went wrong while signing in. Please try again later.</li> 
      <li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>.</li> 
      </ul>'; 
    header('Refresh: 5;url=/home.php'); 
    //echo mysqli_stmt_error(); //debugging purposes, uncomment when needed 
} elseif (0 === mysqli_stmt_num_rows($stmt)) { 
    //the query was successfully executed, there are 2 possibilities 
    //1. the query returned data, the user can be signed in 
    //2. the query returned an empty result set, the credentials were wrong 

    echo '<ul class="ulstylecenter"> 
      <li>You have supplied a wrong user/password combination. Please try again.</li></ul>'; 
    echo '<form method="post" action=""> 
        <table> 
        <tr> 
        <th><label for="username" class="signinlabel">Username:</label></th> 
        <td><input type="text" name="username" value="'; 
    if (isset($username)) { 
     echo $username; 
    } 
    echo '" class="signininput"></td> 
        </tr> 

        <tr> 
        <th><label for="userpass" class="signinlabel">Password:</label></th> 
        <td><input type="password" name="userpass" class="signininput"></td> 
        </tr> 
        </table> 
        <ul class="forgotsignin"><li><a href="#">Forgot your username or password?</a></li></ul> 
        <input type="submit" value="Sign In" class="signinbutton" id="signinbuttonid"> 
      </form>'; 
} else { 
    session_start(); 
    $_SESSION['signed_in'] = true; 

    //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages 
    mysqli_stmt_bind_result($stmt, $user_id, $useremail, $userdate); 
    mysqli_stmt_fetch($stmt); 
    $_SESSION['user_id'] = $user_id; 
    $_SESSION['username'] = $username; 
    $_SESSION['useremail'] = $useremail; 
    $_SESSION['userdate'] = $userdate; 

    echo '<ul class="ulstylecenter"> 
       <li>Succesfully logged in.</li> 
       <li>If you are not redirected in 5 seconds please <a href="/home.php">click here</a>. 
       </li></ul>'; 
    header('Refresh: 5;url=/home.php'); 
} 

Answer 2

請與您的var_dump變量（），然後嘗試設置變量$ username和$爲userpass 此行之後：

mysqli_stmt_bind_result($stmt, $username, $userpass);