如果mysqli连接到数据库if(!mysqli_stmt_execute($check)){如果没有找到记录,这不应该返回NULL或false吗?
在执行这一行并检查数据库中是否存在用户之后,如果用户或记录不存在,它不应该返回NULL并退出程序吗?
如何在不获取整个结果集并对其进行循环的情况下解决此问题?
<?php
////////////// ADDED CODE ////////////
$user_exists = FALSE;
///////////////////////////////////////
$user = null;
$pass = null;
/* Connects to your Database */
$mysqli = mysqli_connect("localhost", "dbUser", "dbPassword","dbName");
if (!$mysqli) {
echo "Failed to connect to MySQL: (" . $mysqli->errno . ") " . mysqli_connect_error();
exit();
}
/* create a prepared statement */
$check = mysqli_prepare($mysqli, "SELECT username, password FROM users WHERE username = ?");
/* bind parameters for markers */
mysqli_stmt_bind_param($check, "s", $user);
echo $mysqli->host_info . "Mysql connected: Succes.n";
/* Checks if there is a login cookie */
if (isset($_SESSION['refer'])){$location = $_SESSION['refer'];}
if(isset($_COOKIE['ID_my_site'])){
/*if there is, it logs you in and directes you to the members page */
echo "Yes there is a cookie";
$user = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
}
/* if the login form is submitted */
if (isset($_POST['submit'])) {
echo " Form submitted.";
/* if form has been submitted */
/* makes sure they filled it in */
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
/* close statement */
mysqli_stmt_close($check);
/* close connection */
mysqli_close($mysqli);
}
$user = stripslashes($_POST['username']);
$pass = stripslashes($_POST['pass']);
$pass = md5($pass);
/* checks it against the database */
/* execute query */
if(!mysqli_stmt_execute($check)){
die('That user does not exist in our database. <a href=Registration.php> Click Here to Register</a>');}
/* bind result variables */
mysqli_stmt_bind_result($check, $user_column, $pass_column);
/* fetch value */
/* Gives error if user dosen't exist */
while(mysqli_stmt_fetch($check)!= NULL){
/* gives error if the password is wrong */
$user_exists = TRUE;
echo " fetch = NOT null --->> ".$user_column;
if ($pass != $pass_column){
/* statement close */
mysqli_stmt_close($check);
/* close connection */
mysqli_close($mysqli);
die('Incorrect password, please try again.');
}
}
if(!$user_exists){
die('That user does not exist in our database. <a href=Registration.php> Click Here to Register</a>');}
/* if login is ok then we add a cookie */
$hour = time() + 3600;
setcookie(ID_my_site, $user, $hour);
setcookie(Key_my_site, $pass, $hour);
/* then redirect them to the members area */
header("Location: Members.php");
}
else
{
/* if they are not logged in */
/* added rest of code for convenience */
?>
/* if they are not logged in */
?>
<!DOCTYPE HTML>
<HTML>
<HEAD>
<meta http-equiv="Content-type" content="text/html" charset=utf-8>
<TITLE>Login</TITLE>
<style>
label,section{display:block;margin-top:20px;letter-spacing:2px;}
form {margin:0 auto;width:60%;}
input,textarea{width:55%;height:27px;padding:10px;margin-top:3px;background:#efefef;border:1px solid #dedede;font-size:0.9em;color:#3a3a3a;border-radius:5px;-web-border-radius:5px;-webkit-border-radius:5px;}
textarea{height:213px;}
input:focus,textarea:focus{border:1px solid #97d6eb;}
.body {display:block;margin:0 auto;width:70%;}
#submit {display:block;align:right;width:127px;height:38px;border:1px solid #dedede;margin-top:20px;cursor:pointer;}
#submit:hover {opacity:0.9;border:1px solid #97d6eb;}
</style>
</head>
<body>
<header class="body"><label>Login page.</label></header>
<section class ="body">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label>Username:</label>
<input name="username" type="text" placeholder="Type your name here." autofocus required>
<label>Password</label>
<input name="pass" type="password" placeholder="*******************" autofocus required>
<input id="submit" name="submit" type="submit" value="Login">
</form>
</section>
<footer class="body"><label>Write your footer code here.</label></footer>
</body>
</html>
<?php
}
?>
这实际上不是一个答案,但我无法忍受这种漫长而多风的传统PHP风格的意大利面条。看,对于从数据库中获取一个值这样简单的任务,有多个代码屏幕!我觉得这很奇怪。
这就是为什么它必须至少是
<?php
/* have all the common routines included */
include 'bootstrap.php';
/* if the login form is submitted */
if (isset($_POST['submit']))
{
$sql = "SELECT id, password FROM users WHERE username = ?";
/* let's use some *intelligent* way to deal with database */
$row = $dbal->getRow($sql, $_POST['username']);
/* if we got something and password is correct*/
if ( $row && password_verify($_POST['pass'],$row['password']) )
{
/* set user into session and redirect */
$_SESSION['user'] = $row['id'];
header("Location: Members.php");
exit;
}
}
?>
<!DOCTYPE HTML>
here goes HTML ...
mysqli_stmt_execute在查询中断时返回FALSE,即没有连接到数据库、语法错误等。如果要检查查询是否没有返回任何行,则不应使用TRUE/FALSE运算符,也不应使用execute函数本身。您应该使用mysqli_num_rows,它返回SELECT语句返回的行数。基本上,如果返回的行是0(不是false),则应该退出。