时间戳

首页 > 解决方案 > mysqli 语句准备有问题

php - mysqli 语句准备有问题

问题描述

我的 PHP 代码有错误。此语句 header("Location: /pluto_project/index.php?error=nouser"); 在我的 else 语句中总是被执行。

我只是 PHP 的新手,我对所有事情都没有广泛的了解。请帮我。非常感谢。

<?php
    
if(isset($_POST['submit']))
{
    require 'database_handler.inc.php';

    $user_name = $_POST['name'];
    $password = $_POST['password'];

    if(empty($user_name) || empty($password) ) {
        header("Location: /pluto_project/index.php?error=emptyFields&username=".$user_name);
        exit();
    }
    else{
        $sql = "SELECT * FROM users WHERE username=?";
        $statement = mysqli_stmt_init($connection);

        if(!mysqli_stmt_prepare($statement, $sql)){
            header("Location: /pluto_project/index.php?error=sqlError");
            exit();
        }
        else{
            mysqli_stmt_bind_param($statement, "s", $username);
            mysqli_stmt_execute($statement);

            $result = mysqli_stmt_get_result($statement);

            if($row = mysqli_fetch_assoc($result) ){
                $password_check = password_verify($password, $row['upassword']);
                
                if(!$password_check){
                    header("Location: /pluto_project/index.php?error=wrongpassword");
                    exit();
                }
                else if($password_check){
                    session_start();
                    $_SESSION['userID'] = $row['id_user'];
                    $_SESSION['userName'] = $row['username'];
                    
                    header("Location: /pluto_project/index.php?login=success");
                    exit();
                        
                }
                else{
                    header("Location: /pluto_project/index.php?error=sqlError");
                    exit();
                }
            }
            else{
                header("Location: /pluto_project/index.php?error=nouser");
                exit();
            }
        }
    }
}
else{
    header("Location: /pluto_project/index.php");
    exit();
}

标签: phpmysqli

解决方案

您在 sql 语句中使用了未定义的变量。在您的绑定中,您引用$username但在您的变量定义中定义$user_name.

// wrong code
$user_name = $_POST['name'];
mysqli_stmt_bind_param($statement, "s", $username);

// fixed code
$user_name = $_POST['name'];
mysqli_stmt_bind_param($statement, "s", $user_name);

尝试更改语句/变量以匹配您的声明。

推荐阅读