[英]mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement
I am They try to use mysqli :: bind_param
unsuccessfully . 我是他们尝试不成功使用mysqli :: bind_param
。 In the code , below , the function login ( )
is called with a username
and password
on the page login.php
. 在下面的代码中,在login.php
页面上使用username
和password
调用函数login ( )
。 Despite all efforts and guides and forums have read , continues to return the same error . 尽管付出了所有努力,并且指南和论坛已经阅读,但仍然会返回相同的错误。
I tried both with 我都尝试过
bind_param ( 's' , $ variable )
that with 这与
bind_param ( 1 , $ variable )
that with 这与
bind_param ( 'ss' , $ variable1 , $ variable2 )
and i tried query without '' 我尝试了没有''的查询
"SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?"
Where am I wrong ? 我哪里错了?
public function login($_username, $_password) {
$this->sessionOpen ();
if ($_username == "") {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if ($_password == "") {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=trim(md5 ( $_username ));
$pass=trim(md5 ( $_password ));
$stmt->bind_param ( 1, $user);
$stmt->bind_param ( 2, $pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
Error in the log of apache is Apache日志中的错误是
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 77, referer: https://gexy.it/login.php
[Sat Oct 24 08:52:04 2015] [error] [client 192.168.253.6] PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /www/gexy/XXXX/html/lib/Auth.php on line 78, referer: https://gexy.it/login.php
Many thanks to all 非常感谢所有人
Modification is: 修改为:
$stmt->bind_param ( "ss", $user, $pass); $ stmt-> bind_param(“ ss”,$ user,$ pass); because 1 data type is not defind in bind_param (). 因为在bind_param()中未定义1个数据类型。 bind_param() will take two arguments 1st one is types (i, d, s, b) corresponding datatype in your query(?) and 2nd arg are values. bind_param()将带有两个参数,第一个是您的query(?)中与数据类型相对应的类型(i,d,s,b),第二个arg是值。
Suggestion's are: 建议是:
Don't compare with ==, for empty string because if user enter's 3 white spaces it will not equal. 不要与==进行比较,对于空字符串,因为如果用户输入3个空格,它将不相等。 use empty() for checking empty string or not. 使用empty()检查是否为空字符串。
Don't call unnecessary methods, it does not have any meaning, for eg: in your code your calling trim()
after md5()
. 不要调用不必要的方法,它没有任何意义,例如:在代码中,在md5()
之后调用trim()
md5()
。 md5()
will not return any white space character. md5()
将不返回任何空格字符。 So calling trim(md5($username))
is meaning less. 因此,调用trim(md5($username))
意味着更少。
Try to replace your code with my code hope your problem is solved. 尝试用我的代码替换您的代码,希望您的问题得到解决。
public function login($_username, $_password) {
$this->sessionOpen ();
if (empty($_username)) {
$this->log->error ( "Username vuoto" );
throw new AuthLoginFailed ();
}
if (empty($_password)) {
$this->log->error ( "Password vuota" );
throw new AuthLoginFailed ();
}
$db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
if (mysqli_connect_errno ()) {
$this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
}
echo md5 ( $_username ) . "---" . md5 ( $_password );
//on page username and password is showed at this point
$user=md5 ( $_username );
$pass=md5 ( $_password );
$stmt->bind_param ( "ss", $user,$pass);
/* Execute it */
$stmt->execute ();
if (! $stmt) {
$this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
}
$stmt->fetch($rst);
echo "results: " . $rst->num_rows; //output of this: results:
if ($rst->num_rows == 0) {
throw new AuthLoginFailed ();
}
/* Close statement */
$stmt->close ();
/* Close connection */
$db->close ();
}
Let me know once your problem is solved. 问题解决后,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.