出于某种原因,尽管我确定输入的密码和用户名正确,但我的prepare语句似乎未返回任何行或登录。当运行不带prepare语句的代码时,系统将登录。有人会碰巧知道为什么我的prepare语句不起作用,还是应该使用其他方法?
<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<title>Logged in</title>
</head>
<body>
<?php
$user=$_GET["username"];
$pass=$_GET["password"];
$servername="localhost";
$username="root";
$password="";
$dbName="db_artzytest";
$conn=new mysqli($servername, $username, $password, $dbName);
if($conn->connect_error){
echo $conn->connect_error;
die("connection to server not found");
}else{
echo "connection established";
}
///finds account with matching login info
$sql="SELECT * FROM db_users WHERE username='{$user}' AND password='{$pass}' ";
$sql="SELECT * FROM db_users WHERE username = ? AND password = ?";
try{
$stmt = $conn->prepare($sql);
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();
}catch(Exception $e){
die("prepare failed: " . $e);
}
echo 'here';
//$result = $stmt->store_result();
printf("Number of rows: %d. \n", $stmt->num_rows);
//$result=$conn->query($sql);
echo 'here';
if( mysqli_num_rows($result) > 0 ){
while($row=mysqli_fetch_assoc($result)){
//only logs in if the account is activated
if($row["isActivated"]==1){
$_SESSION["currentUser"]=$user;
$_SESSION["currentId"]=$row["id"];
$_SESSION["currentPass"]=$pass;
//header( 'Location: ../ProfilePage/profilePage.php' );
header( 'Location: ../Content/displayGroup.php?group=general' );
}else{
$_SESSION["m_Login"]="Unverified Account. Check your email to verify.";
header('Location: Login.php');
}
}
/*
$sql=" SELECT * FROM table_images WHERE userid = {$_SESSION["currentId"]} ";
$result=$conn->query($sql);
if(mysqli_num_rows($result) > 0){
while($row=mysqli_fetch_assoc($result)){
echo "<img style='height: 10vh; width: 10vw;' src='../../images/{$row["id"]}.jpg' />";
echo "{$row["imageName"]}</br>";
}
}
*/
}else{
$_SESSION["m_Login"]="password or username incorrect {$user} {$pass}" . var_dump(mysqli_stmt_get_result($stmt) );
header('Location: Login.php');
echo "no user found";
}
?>
</body>
</html>
最佳答案
您将OO和procdeural混合使用,所以我将假定这是导致您的代码无法按预期执行的原因。
该文档指出:
仅限于过程样式:mysqli_query(),mysqli_store_result()或mysqli_use_result()返回的结果集标识符。
更改,
if( mysqli_num_rows($result) > 0 ){
至,
if($stmt->num_rows($result) > 0 ) {
那应该解决问题。
关于php - 为什么我的prepare语句不起作用?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/45777042/