douyan2970
douyan2970
2013-12-18 09:20

mysqli_stmt :: bind_result():绑定变量数与预准备语句中的字段数不匹配

已采纳

I’ve been trying to code a login form in PHP using a prepared statement but every time I try to log in I get the following error:

mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement

Here is my code:

<?php
session_start();

$mysqli = new mysqli("localhost", "root" , "" , "security");
if(mysqli_connect_errno()){
    echo "Wrong" ;
}
if($stmt = $mysqli->prepare("SELECT username AND password FROM users WHERE username =? AND password =?")){
    $username = $_POST['name'];
    $password = $_POST['password'];
    $stmt->bind_param('ss' ,$username ,$password);
    $stmt->execute();
    $stmt->bind_result($password ,$username);
    if($stmt->fetch() == 'true')
    {
        echo "welcome";
    } else{
        echo "wrong password";
    }
}
?>

Can someone tell me why this is happening?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

2条回答

  • doubu7134 doubu7134 8年前

    If that really is your code, it may be that either $_POST["name"] or $_POST["password"] is an array, so that bind_param binds more than just one value.

    Check:

    var_dump($_POST["name"]);
    var_dump($_POST["password"]);
    
    点赞 评论 复制链接分享
  • dqvtm82066 dqvtm82066 8年前
    $mysqli->prepare("SELECT username, password FROM users WHERE username = ? AND password = ?");
    $username = $_POST['name'];
    $password = $_POST['password'];
    $stmt->bind_param('ss' ,$username ,$password);
    $stmt->execute();
    $stmt->bind_result($username ,$password);
    

    Your select syntax was wrong, the correct syntax is SELECT field1, field2, field3 FROM TABLE WHERE field1 = ? AND field2 = ?

    To select more fields simply seperate them by a comma and not an AND

    Also, I realize that you're saving your passwords in plaintext which is bad practice, consider hashing them using the numerous hashing functions out there like sha1()

    点赞 9 评论 复制链接分享

相关推荐