[英]PHP login verification won't work with prepared statements
當此代碼運行時,它會返回一條錯誤消息,指出登錄失敗。 具體的錯誤信息在else語句中password_verify函數沒有運行時,用var_dump函數返回如下錯誤信息。 似乎問題出在准備好的語句上,因為輸入的登錄變量似乎沒有從數據庫中收集信息。
登錄失敗:(0)array(0) { }
error_reporting(E_ALL);
$mysqli = new mysqli('localhost', 'root', 'root', 'myTable');
if ($mysqli->connect_errno > 0) {
die('Unable to connect to database [' . $mysqli->connect_error . ']');
}
ob_start();
session_start();
if (isset($_POST['LogIn'])) {
$username = $_POST['userName'];
$password = $_POST['password'];
if (!($stmt = $mysqli->prepare("SELECT Username, Password FROM user WHERE Username = ?"))) {
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if (!$stmt->bind_param('s', $username)) {
echo "Bind failed: (" . $stmt->errno . ")" . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ")" . $stmt->error;
}
$userdata = $stmt->get_result();
$row = $userdata->fetch_array(MYSQLI_ASSOC);
$stmt->bind_result($username, $password);
$stmt->store_result();
if (password_verify($password, $row['Password'])) {
session_start();
$_SESSION['UserID'] = $row['UserID'];
var_dump($_SESSION);
// header('Location: Account.php');
exit();
} else {
echo "Login Failed: (" . $stmt->errno . ")" . $stmt->error;
echo "Password's do not match";
var_dump($_SESSION);
}
$stmt->close();
}
$mysqli->close();
這可能就是您要尋找的。
if(isset($_POST['LogIn'])) {
$UN = $_POST['userName'];
$PW = $_POST['password'];
//write sql to check for email or username
$userOrEmailQuery = ("SELECT * from user where Username=? or Email=? LIMIT 1");
$stmt = $con->prepare($userOrEmailQuery);
$stmt->bind_param('ss', $UN, $UN);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if(password_verify($PW, $row['Password'])) {
session_start();
$_SESSION["UserID"] = $row['UserID'];
header( 'Location: Account.php' );
} else {
session_start();
$_SESSION['LogInFail'] = "Yes";
}
}
希望這可以幫助。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.