這是爲了幫助我理解查詢所發生的事情。mysqli查詢和會話
它應該告訴我什麼值被查詢並打印出來。
由於某些原因,它不會拉用戶標識,而是說0或null。
它打印:
string(0) "" NULL string(11) "pwdhere" The userid is 0 and the password is pwdhere----oooo set as oooo----6179cbcdc21dd1b3c478e7e2226e0432
如果該會議是這32個字符或用戶名/用戶名?
爲什麼不拉動userid?
爲什麼密碼錯誤時它會工作?
謝謝!!!
<?php
//Store the login in the session:
session_start();
?>
<?php
include ("connectionlinkhere.php");
//connection errors if any...
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
//GETTING DATA FROM FORM
$userid = htmlentities($_POST['userid'], ENT_QUOTES);
$password = htmlentities($_POST['password'], ENT_QUOTES);
//create a prepared statement
if ($stmt = $mysqli->prepare("SELECT userid, username, password FROM admins WHERE userid=? and password=?"))
{
// bind parameters-define them...the -iss- is for integer, string, string
$stmt->bind_param("iss", $userid, $username, $password);
//execute...
$stmt->execute();
// bind result variables
$stmt->bind_result($userid, $username, $password);
//fetch value
$stmt->fetch();
//to see what the database query is actually pulling
var_dump($userid, $username, $password);
//tell it to format the query results and then print the sentence
$format = 'The userid is %d and the password is %s';
echo sprintf($format, $userid, $password);
//set session
$_SESSION['userid'] = $_POST['username'];
//just to break up the line
echo "----oooo set as oooo----" ;
//this is the 32 digit session value, although assigned as userid or username
echo session_id();
/* close statement */
$stmt->close();
}
// redirect the user
//header("Location: index.php");
else
{
echo "what are you doing...";
}
/* close connection */
$mysqli->close();
?>
請不要將密碼存儲爲痛苦文字。 – 2013-11-21 03:04:55
當我開始生活時,我不會但想確保散列不是問題,因爲我開發此頁面。雖然 – user3000619
感謝我不能upvote @ Dagon的評論足夠。你使用'bind_param'作爲三個條目,但在語句中只有兩個'?'? –