1
可能是这个问题将是一种“愚蠢的 - 问题”,但仍... 我新的PHP和SQL,我不明白我在做什么错在这里:SQL准备语句。 PHP
if(isset($_POST[$logButton])) //Checking for login button pressed
{
//Retrieving information from POST method
$uid = $_POST['login'];
$upwd = $_POST['password'];
//SQL Connection
$mysqli = new mysqli('localhost', 'root', '', 'students');
if(!$mysqli)
{
echo "<h1 class='h1A'>Problem accured while connecting to the DB. " . mysqli_error($mysqli) . "</h1>"; //!!!Delete displaying error msg after dev.
}else
{
$sql = "SELECT * FROM login_data WHERE login = ? AND password = ?"; //SQL query
$stmt = $mysqli->prepare($sql) or die("error1"); //No error
$stmt->bind_param('ss', $uid, $upwd) or die("error2");//No error
$stmt->execute() or die("error3");//Giving DB query. No error
$result = $stmt->fetch() or die("error4".mysqli_error($mysqli)); //Putting query's result into assoc array. !!!Delete displaying error msg after dev. No error
echo print_r($result); //It prints out "11" ? ? ?
if(count($result['id']) < 1) //If no rows found.
{
echo "<h1 class='h1A'>Couldn't find account. Please, recheck login and password.</h1>";
die();
}elseif($result['id'] > 1)//If more then 1 row found.
{
echo "<h1 class='h1A'>Caught 9090 error. Contact the administrator, please.".mysqli_error($mysqli)."</h1>";
die();
}elseif($result['id'] == 1) //If only one row's been found.
{
$_SESSION['isLoggedIn'] = true;
redirectTo('/index.php'); //Declared function.
die();
}
}
}
这是lib.php文件中处理函数的一部分。该文件包含在html页面中,并使用该功能。没有错误显示,当我print_r $结果 - 打印出来11.无法得到它。
**切勿以明文形式存储密码!**。只存储密码哈希!使用PHP的['password_hash()'](http://php.net/manual/en/function.password-hash.php)和['password_verify()'](http://php.net/manual/en /function.password-verify.php)。如果您运行的PHP版本低于5.5(我希望不是),那么可以使用[password_compat库](https://github.com/ircmaxell/password_compat)来获得相同的功能。 –
谢谢。我会用它。 –