douduonang3169 2015-03-11 13:41
浏览 25
已采纳

准备好的声明无效 - 空白页

I have this code

$con = new mysqli('####', '####',   '####', '####');
if(mysqli_connect_errno()){
echo 'Connection Failed:' . mysqli_connect_errno();
exit();
}

//Variables

$user = $_POST['username'];
$zone = $_POST['password'];
$pass = strtoupper(hash("whirlpool", $zone));

//Prepare
if($stmt = $con -> prepare("SELECT * FROM `accounts` WHERE Username=? AND Key=?")){






$stmt -> bind_param("ss", $user, $pass);
$stmt -> execute();
$stmt -> bind_results($result);
$stmt -> fetch();
if($result) {

    $_SESSION['username'] = $user;
    $url = 'home.php';
    echo '<META HTTP-EQUIV=Refresh CONTENT="1; URL='.$url.'">';
} else {

    echo 'Login Failed';
}

}
?>

I am new to Prepared statements and I cannot get it to work. Upon trying to log in I just get a blank white page with no error. I know I am connected to the db because if I remove the prepared statement and do it the unsecured way everything logs in just fine.

Please note. I have just been looking up tutorials on prepared statements so I can learn to code more securely. I am in no way a pro with this. Any tips would be greatly appreciated.

  • 写回答

3条回答 默认 最新

  • dongzhi5846 2015-03-11 14:02
    关注

    Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in C:\xampp\htdocs ewsystem\loginadd.php

    That's because you select * (all fields). You should be more specific about the fields you want to get (for example SELECT id FROM ...).
    Have a look at examples on PHP doc: 2 fields are selected, 2 parameters for bind_result().

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 对于这个问题的代码运行
  • ¥50 三种调度算法报错 有实例
  • ¥15 关于#python#的问题,请各位专家解答!
  • ¥200 询问:python实现大地主题正反算的程序设计,有偿
  • ¥15 smptlib使用465端口发送邮件失败
  • ¥200 总是报错,能帮助用python实现程序实现高斯正反算吗?有偿
  • ¥15 对于squad数据集的基于bert模型的微调
  • ¥15 为什么我运行这个网络会出现以下报错?CRNN神经网络
  • ¥20 steam下载游戏占用内存
  • ¥15 CST保存项目时失败