我正在尝试安装一个脚本,实际上它在ı填写错误信息时有效,但当ı尝试使用真实信息时,它会给我一个错误,如下所示:
致命错误:未捕获的PDOException:SQLSTATE[HY093]:无效参数编号:绑定变量的数量与blabla/Session.php中的令牌数量不匹配:129
该代码块完全;
/* Verify that user is in database */
$query = "SELECT session_id FROM user_sessions WHERE session_id = '$session_id' AND userid = '$userid'";
$stmt = $this->db->prepare($query);
$stmt->execute(array(':userid' => $userid, ':sessionid' => $session_id)); ///LINE 129///
$count = $stmt->rowCount();
if (!$stmt || $count < 1) {
return 1; // Indicates username failure
}
$dbarray = $stmt->fetch();
/* Validate that userid is correct */
if ($session_id == $dbarray['session_id']) {
return 0; // Success! Username and userid confirmed
} else {
return 2; // Indicates userid invalid
}
}
下面是所有session.php代码(https://codeshare.io/gLbJAR/)
也许可以尝试以下方法:
$query = "SELECT session_id FROM user_sessions WHERE session_id = :session_id AND userid = :userid";
$stmt = $this->db->prepare($query);
$stmt->execute(array(':userid' => $userid, ':sessionid' => $session_id));
我看到的问题是,您的查询不包含任何参数,但是,您将一些参数传递到execute方法中。
检查文档,尤其是:
$sth = $dbh->prepare('SELECT name, colour, calories FROM fruit WHERE calories < :calories AND colour = :colour');
$sth->execute(array('calories' => $calories, 'colour' => $colour));
是否使用会话ID验证用户存在?我用类似的密码验证我的密码
$query_a = "SELECT * FROM users WHERE username = :username";
$query_b = $pdo->prepare($query_a);
$query_b->bindParam(':username', $username);
$query_b->execute();
if ($query_b) {
if ($query_b->rowCount() == 1) {
$row = $query_b->fetch();
$hash = $row['password'];
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
header('location: index.php');
die();
} else {
echo 'Access Denied';
}
}
}
}