Mysql 绑定:元素数量不匹配
Mysql bind: number of elements do not match
我无法理解这条指令哪里出了问题。我不断收到元素数量与绑定值不匹配的警告。
我正在尝试验证国家/地区的字段,用户可以在其中 select 他们注册的国家/地区,但是每当我 运行 在 xampp 上进行测试时,我都会收到警告,而信息却不是发送到数据库。
我不确定我的代码是否容易受到 sql 注入,因为我是 php 和 mysql 的新手。如果我删除国家/地区功能,表格将正常工作。我认为错误来自 html 表单,所以我不想在这里上传它。
这是 php 代码。
<?php
// Include config file
require_once "db.php";
// Define variables and initialize with empty values
$username = $password = $confirm_password = $country = "";
$username_err = $password_err = $confirm_password_err = $country_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate username
if(empty(trim($_POST["username"]))){
$username_err = "Please enter a username.";
} else{
// Prepare a select statement
$sql = "SELECT id FROM users WHERE username = ?";
if($stmt = mysqli_prepare($db, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = trim($_POST["username"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$username_err = "This username is already taken.";
} else{
$username = trim($_POST["username"]);
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Validate password
if(empty(trim($_POST["password"]))){
$password_err = "Please enter a password.";
} elseif(strlen(trim($_POST["password"])) < 6){
$password_err = "Password must have atleast 6 characters.";
} else{
$password = trim($_POST["password"]);
}
// Validate confirm password
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = "Please confirm password.";
} else{
$confirm_password = trim($_POST["confirm_password"]);
if(empty($password_err) && ($password != $confirm_password)){
$confirm_password_err = "Password did not match.";
}
}
// Validate Country
if(empty(trim($_POST["country"]))){
$country_err = "Please Choose a Country.";
}
else{
$country = trim($_POST["country"]);
}
// Check input errors before inserting in database
if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){
// Prepare an insert statement
$sql = "INSERT INTO users (username, password, country) VALUES (?, ?, ?)";
if($stmt = mysqli_prepare($db, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password, $param_country);
// Set parameters
$param_country = $country;
$param_username = $username;
$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
header("location: login.php");
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($db);
}
?>.`
我可以看到几件事:
- 您的输入错误检查不会检查“country_err”是否为空。
- 您的 mysqli_stmt_bind_param 仅定义了 2 个字段“ss”的类型,但您传入了 3 个字段,因此它应该是“sss”
我无法理解这条指令哪里出了问题。我不断收到元素数量与绑定值不匹配的警告。 我正在尝试验证国家/地区的字段,用户可以在其中 select 他们注册的国家/地区,但是每当我 运行 在 xampp 上进行测试时,我都会收到警告,而信息却不是发送到数据库。
我不确定我的代码是否容易受到 sql 注入,因为我是 php 和 mysql 的新手。如果我删除国家/地区功能,表格将正常工作。我认为错误来自 html 表单,所以我不想在这里上传它。
这是 php 代码。
<?php
// Include config file
require_once "db.php";
// Define variables and initialize with empty values
$username = $password = $confirm_password = $country = "";
$username_err = $password_err = $confirm_password_err = $country_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate username
if(empty(trim($_POST["username"]))){
$username_err = "Please enter a username.";
} else{
// Prepare a select statement
$sql = "SELECT id FROM users WHERE username = ?";
if($stmt = mysqli_prepare($db, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = trim($_POST["username"]);
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$username_err = "This username is already taken.";
} else{
$username = trim($_POST["username"]);
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Validate password
if(empty(trim($_POST["password"]))){
$password_err = "Please enter a password.";
} elseif(strlen(trim($_POST["password"])) < 6){
$password_err = "Password must have atleast 6 characters.";
} else{
$password = trim($_POST["password"]);
}
// Validate confirm password
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = "Please confirm password.";
} else{
$confirm_password = trim($_POST["confirm_password"]);
if(empty($password_err) && ($password != $confirm_password)){
$confirm_password_err = "Password did not match.";
}
}
// Validate Country
if(empty(trim($_POST["country"]))){
$country_err = "Please Choose a Country.";
}
else{
$country = trim($_POST["country"]);
}
// Check input errors before inserting in database
if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){
// Prepare an insert statement
$sql = "INSERT INTO users (username, password, country) VALUES (?, ?, ?)";
if($stmt = mysqli_prepare($db, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password, $param_country);
// Set parameters
$param_country = $country;
$param_username = $username;
$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
header("location: login.php");
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($db);
}
?>.`
我可以看到几件事:
- 您的输入错误检查不会检查“country_err”是否为空。
- 您的 mysqli_stmt_bind_param 仅定义了 2 个字段“ss”的类型,但您传入了 3 个字段,因此它应该是“sss”