遇到问题mysqli_stmt（程序风格）

So, I am currently trying to make a login form for my browser game, which requires multiple queries to work properly. I first started with the normal procedure of querying using PHP and MySQL but soon discovered it wasn't the best way to do it because of SQL injection.

So, I decided to use the stmt, which according to stackoverflow, is safer.

My code is bigger than this, but I will just put here the part that is bugging (I have debugged the rest of the code and everything else is fine, including connection to the MySQL server)

$stmt = mysqli_prepare($conn, "SELECT username FROM users WHERE username='$playername'");
    ´
//Im pretty sure this is where the bug is
mysqli_stmt_bind_param($stmt, "s", $playername);
//----------------------------------------  

mysqli_stmt_execute($stmt);

mysqli_stmt_bind_result($stmt, $dbusername);

mysqli_stmt_fetch($stmt);

$row_cnt = mysqli_stmt_num_rows($stmt);

if($row_cnt === 0) {

    mysqli_stmt_close($stmt);
    $error = true;
    $errorid = "There is no player registered with that username.";
    echo $errorid;

    }

I have created an entry in the database with the username "Syvered" which is the one i am testing at the moment, and when trying to use that username on the login form (notice that $playername is the inputed username by the user) it still says "There is no such user with that username" which means that mysqli_stmt_num_rows($stmt) is returning 0 for some reason. This is what I dont understand.

I really hope I have been clear enough to you, thank you in advance for your help.

Questions I checked but unfortunately didn't help:

how to make 2 queries with mysqli_stmt

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doucan8049 2016-12-27 17:25
关注
You're passing a variable in the WHERE clause:

WHERE username='$playername'

instead of a placeholder, which needs to be changed to:

WHERE username=?

since you're wanting to use a prepared statement.

http://php.net/manual/en/mysqli.prepare.php

Make sure that $playername does have a value and that you've successfully connected using the mysqli_ API.

Using proper error checking would have helped:

http://php.net/manual/en/mysqli.error.php

http://php.net/manual/en/function.error-reporting.php

If you're looking to see if a row exists (which seems to be the case here), see one of my answers which uses a prepared statement:

check if row exists with mysql

and a PDO method also.

An example taken from one of my answers, which is what you need to do and replace it with what you're using in the query and variable(s):

$query = "SELECT `email` FROM `tblUser` WHERE email=?"; if ($stmt = $dbl->prepare($query)){ $stmt->bind_param("s", $email); if($stmt->execute()){ $stmt->store_result(); $email_check= ""; $stmt->bind_result($email_check); $stmt->fetch(); if ($stmt->num_rows == 1){ echo "That Email already exists."; exit; } } }

Edit:

After testing your code, there is something you are not doing correctly here.

You need to "store" the results which was missing in your code.

http://www.php.net/manual/en/mysqli-stmt.store-result.php

Yet, let's try a slightly different approach and check if it does exist and echo that it does, and if not; show that it doesn't.

Sidenote: I used >= in if($row_cnt >= 1) should there be more than one matching. You can change it if you want.

$playername = "Syvered"; // This could also be case-sensitive. $stmt = mysqli_prepare($conn, "SELECT username FROM users WHERE username = ?"); mysqli_stmt_bind_param($stmt, "s", $playername); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); // Store the results which was missing. mysqli_stmt_bind_result($stmt, $dbusername); mysqli_stmt_fetch($stmt); $row_cnt = mysqli_stmt_num_rows($stmt); if($row_cnt >= 1) { $error = false; // Changed from true $errorid = "It exists."; echo $errorid; mysqli_stmt_close($stmt); } else{ echo "It does not exist."; }

You can revert back to the way you used the conditional, but remember to "store" the result.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

遇到问题mysqli_stmt（程序风格） mysql php
2016-12-27 17:22

回答 1 已采纳 You're passing a variable in the WHERE clause: WHERE username='$playername' instead of a placeh
“警告：mysqli_stmt_bind_param（）要求参数1为mysqli_stmt，布尔值在” android database php sql
2017-09-08 02:39

回答 1 已采纳 You have check for errors:- <?php //comment these two lines when code started working fine
是什么导致了这个错误？ mysqli_stmt :: bind_result（）： mysql php
2018-03-22 17:47

回答 1 已采纳 The question marks in your query are placeholders for values that you'll add later. The number of
php mysqli_affected_rows,PHP mysqli_stmt_affected_rows() 函数用法及示例
2021-04-23 12:16

海v尔v前v员工的博客定义和用法mysqli_stmt_affected_rows()函数返回最近执行的语句影响(更改，删除，插入)的行数。只有在INSERT，UPDATE或DELETE语句之后调用此函数，该函数才能正常工作。如果您需要了解...
mysqli :: prepare（）vs mysqli_stmt :: prepare（） php
2014-01-27 11:47

回答 3 已采纳 As we discuss it in the comments, it might be a wrong assignation in the if() block. What do I te
我可以从mysqli_stmt_bind_result获得结果而不通过它循环吗？ php
2015-11-27 20:41

回答 1 已采纳 Yes, when you're only expecting one row, and know that it will only return that one, to be returne
为什么mysqli_stmt_num_rows函数返回0？ mysql php sql
2018-02-11 17:31

回答 1 已采纳 The client has no idea how many rows are in the result until they are fetched. You can make the c
mysql_stmt含义,警告::无效的对象或资源mysqli_stmt。含义和解决方案是什么？
2021-02-07 11:45

weixin_39669202的博客 The following code is throwing the mysterious Warnings. I can't understand what they mean. What do these errors indicate and how to eradicate them?...$q = mysqli_stmt_init($dbconn);$qu...
未捕获的错误：调用未定义的方法mysqli_stmt :: get_result（）in php
2019-03-27 03:17

回答 1 已采纳 bind result So if the MySQL Native Driver (mysqlnd) driver is not available, and therefore using
警告：mysqli_stmt_bind_param（）期望参数1是mysqli_stmt，给定布尔值？ [重复] php
2014-04-07 20:06

回答 2 已采纳 It seems that you have a missing parameter, you should have 13 parameters and 13 ? check the two p
你如何使用mysqli_stmt_fetch（）[关闭]获取id php
2016-05-24 02:10

回答 1 已采纳 instead using $rows[] = $col1 why don you change it to $col1 only? remove the $rows[] change
mysql stmt语法_mysqli_stmt_fetch
2021-02-07 12:51

洪嘉君的博客 functionfetch_assoc_stmt(\mysqli_stmt $stmt,$buffer=true) { if ($buffer) {$stmt->store_result(); }$fields=$stmt->result_metadata()->fetch_fields();$args= array(); foreach($fieldsAS$field) {$key=...
php 5.2.6的mysqli_stmt_get_result替代方案 mysql php
2012-10-21 09:04

回答 3 已采纳 The mysqli_stmt_get_result function is PHP 5.3 or greater only. It does not exist for your PHP 5.2
php mysql execute_PHP mysqli_stmt_execute MySQLi 函数
2021-01-28 11:52

weixin_39900676的博客定义和用法mysqli_stmt_execute- 执行准备好的查询版本支持PHP4PHP5PHP7不支持支持支持语法mysqli_stmt_execute(mysqli_stmt$stmt)执行以前使用mysqli_prepare()函数准备的查询。执行后，任何存在的参数标记将自动...
mysql stmt语法_PHP mysqli_stmt_get_result() 函数用法及示例
2021-02-07 12:51

杨语欣的博客定义和用法该mysqli_stmt_get_result()函数接受一个语句对象作为参数，从给定的语句中检索结果集(如果有的话)并返回它。您不能使用此函数关闭持久连接。语法mysqli_stmt_get_result($stmt);参数序号参数及说明...
mysql_stmt_result_metadata使用_PHP mysqli_stmt_result_metadata() 函数用法及示例
2021-01-19 16:16

月塔的博客定义和用法mysqli_stmt_result_metadata()函数接受预准备语句对象作为参数，如果给定语句执行SELECT查询(或任何其他返回结果集的查询)，则它(此函数)返回一个元数据对象，该对象保存有关给定语句结...
PHP的mysqli_stmt_init()函数讲解
2021-01-20 08:19

初始化声明并返回 mysqli_stmt_prepare() 使用的对象： <?php // 假定数据库用户名：root，密码：123456，数据库：codingdict $con=mysqli_connect(localhost,root,123456,codingdict); if (mysqli_connect_...
为什么要使用mysql的stmt_使用mysqli_stmt类
2021-01-20 01:10

土拨鼠没有冬天的博客可以用mysqli扩展模式中提供的mysqli_stmt类的对象，去定义和执行参数化的SQL命令，mysqli_result类中包含的全部成员属性和成员方法如表13-6和表13-7所示。表13-6 mysqli_stmt类中的成员方法（共12个）成员方法名...
mysql bind variable_警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_pa...
2021-02-07 06:08

zhuyurrr的博客警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_param: Number of elements in type definition string doesn't match number of bind variables ...
没有解决我的问题, 去提问

悬赏问题

¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
¥15 java写代码遇到问题，求帮助
¥15 uniapp uview http 如何实现统一的请求异常信息提示？
¥15 有了解d3和topogram.js库的吗？有偿请教
¥100 任意维数的K均值聚类
¥15 stamps做sbas-insar，时序沉降图怎么画
¥15 买了个传感器，根据商家发的代码和步骤使用但是代码报错了不会改，有没有人可以看看
¥15 关于#Java#的问题，如何解决？
¥15 加热介质是液体，换热器壳侧导热系数和总的导热系数怎么算
¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计

遇到问题mysqli_stmt（程序风格）

1条回答 默认 最新

悬赏问题

1条回答默认最新