[英]mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables warning
[英]Warning: mysqli_stmt_bind_param(): Number of elements in type definition string doesn't match number of bind variables in
我正在用 Php 和 MySqli 做一個登錄系統,我剛剛完成了注冊功能。
設置 error_reporting(E_ALL) 后,我得到了上述錯誤,我得到的兩個錯誤之一是即使我的 if 語句沒有通過輸入,直到被發送到數據庫。 這是我的代碼:
<?php
require_once "partials/header.php";
error_reporting(E_ALL);
if (isset($_POST["signup-button"])) {
require "includes/dbconn.php";
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
$username = trim($username);
$email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
$email = trim($email);
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
$passwordRe = filter_var($_POST["passwordRe"], FILTER_SANITIZE_STRING);
$termsOfService = filter_var($_POST["terms"], FILTER_SANITIZE_STRING);
$errors = [];
if (strlen($username) < 5) {
$errors[] = "Your Username should contain at least 5 characters";
}
if (!$email) {
$errors[] = "Your E-Mail is invalid.";
}
if (strlen($password) < 6) {
$errors[] = "Your password should contain at least 6 characters.";
}
if ($password !== $passwordRe) {
$errors[] = "Both passwords should be identical";
}
if (!$termsOfService) {
$errors[] = "Please accept our Terms of Service";
} else {
/*$sql = "INSERT INTO usersvet (userName, email, password) VALUES
('" . $username . "', '" . $email . "', '" . $hashedPwd . "')";
if (!mysqli_query($dbConnection, $sql)) {
die(mysqli_error($dbConnection));*/
$sql = "SELECT userName FROM usersvet WHERE userName=? AND pwd=?";
$statement = mysqli_stmt_init($dbConnection);
if (!mysqli_stmt_prepare($statement, $sql)) {
$errors[] = "Sql Error.";
} else {
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$resultCheck = mysqli_stmt_num_rows($statement);
if ($resultCheck > 0) {
$errors[] = "User already taken.";
} else {
$sql = "INSERT INTO usersvet (userName, email, pwd)
VALUES (?, ?, ?);";
$statement = mysqli_stmt_init($dbConnection);
if (!mysqli_stmt_prepare($statement, $sql)) {
$errors[] = "SQL Error.";
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($statement, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
}
}
}
}
mysqli_stmt_close($statement);
mysqli_close($dbConnection);
}
前面提到的錯誤數組用於以 div 的形式向頁面發送視覺反饋,代碼如下:
<?php if (!empty($errors)): ?>
<?php foreach ($errors as $error): ?>
<div class="well">
<p class="alert alert-warning"><?= $error ?></p>
</div>
<?php endforeach ?>
<?php endif ?>
<?php if (!empty($_POST) && empty($errors)): ?>
<div class="well">
<p class="alert alert-success">Sign Up successful. You can now login <a href="login.php">here</a>.</p>
</div>
<?php endif ?>
如果您的目標是確定用戶名是否已存在,則不必關心密碼。
你有這個:
$sql = "SELECT userName FROM usersvet WHERE userName=? AND pwd=?";
mysqli_stmt_bind_param($statement, "s", $username);
你要這個:
$sql = "SELECT userName FROM usersvet WHERE userName=?";
mysqli_stmt_bind_param($statement, "s", $username);
另請注意,您需要檢查插入查詢的返回狀態。 在多用戶系統中,另一個用戶可以在 SELECT 運行和 INSERT 運行之間插入一條記錄。 所以你需要確保你的數據庫在username字段上有UNIQUE約束,然后檢查你的INSERT是否成功。
當您稍后檢查用戶提供的密碼是否正確時,您需要選擇密碼:
$sql = "SELECT pwd FROM usersvet WHERE userName=?";
mysqli_stmt_bind_param($statement, "s", $username);
這將返回散列密碼,然后您可以將其與用戶鍵入的內容進行比較:
if (password_verify($typedPassword, $hashedPasswordFromDatabase)) {
// correct password provided
} else {
// wrong password provided
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.