准备好的语句在不应该的时候失败
Prepared statement fails when it shouldn't
我的网站上有一个注册表单,每当新用户注册时,下面的代码应该 运行:
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken");
exit();
}
else {
$hashedPwd = password_hash(PASSWORD_DEFAULT, $password);
$sql = "INSERT INTO users (`uidUsers`, `pwdUsers`, `phraseUsers`) VALUES(?,
?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "sss", $username, $hashedPwd,
$securityphrase);
mysqli_stmt_execute($stmt);
header("Location: ../login.php?signup=success");
exit();
}
!mysqli_stmt_prepare 错误处理程序在不应该给定数据库环境以及正确的 INSERT 语句时被触发。所以我不明白为什么它会被触发,我想问为什么?
Stack Overflow
上也有类似的问题
谢谢大家的帮助,问题出在哪里password_hash命令,应该是这样的password_hash($var, PASSWORD_DEFAULT);。我犯的第二个错误是 mysqli_stmt_prepare 中没有包含我的 $sql 语句,应该是这样的 !mysqli_stmt_prepare($stmt, $sql).
我的网站上有一个注册表单,每当新用户注册时,下面的代码应该 运行:
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken");
exit();
}
else {
$hashedPwd = password_hash(PASSWORD_DEFAULT, $password);
$sql = "INSERT INTO users (`uidUsers`, `pwdUsers`, `phraseUsers`) VALUES(?,
?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "sss", $username, $hashedPwd,
$securityphrase);
mysqli_stmt_execute($stmt);
header("Location: ../login.php?signup=success");
exit();
}
!mysqli_stmt_prepare 错误处理程序在不应该给定数据库环境以及正确的 INSERT 语句时被触发。所以我不明白为什么它会被触发,我想问为什么?
Stack Overflow
上也有类似的问题谢谢大家的帮助,问题出在哪里password_hash命令,应该是这样的password_hash($var, PASSWORD_DEFAULT);。我犯的第二个错误是 mysqli_stmt_prepare 中没有包含我的 $sql 语句,应该是这样的 !mysqli_stmt_prepare($stmt, $sql).