遇到问题mysqli_stmt（程序风格）

So, I am currently trying to make a login form for my browser game, which requires multiple queries to work properly. I first started with the normal procedure of querying using PHP and MySQL but soon discovered it wasn't the best way to do it because of SQL injection.

So, I decided to use the stmt, which according to stackoverflow, is safer.

My code is bigger than this, but I will just put here the part that is bugging (I have debugged the rest of the code and everything else is fine, including connection to the MySQL server)

$stmt = mysqli_prepare($conn, "SELECT username FROM users WHERE username='$playername'");
    ´
//Im pretty sure this is where the bug is
mysqli_stmt_bind_param($stmt, "s", $playername);
//----------------------------------------  

mysqli_stmt_execute($stmt);

mysqli_stmt_bind_result($stmt, $dbusername);

mysqli_stmt_fetch($stmt);

$row_cnt = mysqli_stmt_num_rows($stmt);

if($row_cnt === 0) {

    mysqli_stmt_close($stmt);
    $error = true;
    $errorid = "There is no player registered with that username.";
    echo $errorid;

    }

I have created an entry in the database with the username "Syvered" which is the one i am testing at the moment, and when trying to use that username on the login form (notice that $playername is the inputed username by the user) it still says "There is no such user with that username" which means that mysqli_stmt_num_rows($stmt) is returning 0 for some reason. This is what I dont understand.

I really hope I have been clear enough to you, thank you in advance for your help.

Questions I checked but unfortunately didn't help:

how to make 2 queries with mysqli_stmt

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doucan8049 2016-12-27 17:25
关注
You're passing a variable in the WHERE clause:

WHERE username='$playername'

instead of a placeholder, which needs to be changed to:

WHERE username=?

since you're wanting to use a prepared statement.

http://php.net/manual/en/mysqli.prepare.php

Make sure that $playername does have a value and that you've successfully connected using the mysqli_ API.

Using proper error checking would have helped:

http://php.net/manual/en/mysqli.error.php

http://php.net/manual/en/function.error-reporting.php

If you're looking to see if a row exists (which seems to be the case here), see one of my answers which uses a prepared statement:

check if row exists with mysql

and a PDO method also.

An example taken from one of my answers, which is what you need to do and replace it with what you're using in the query and variable(s):

$query = "SELECT `email` FROM `tblUser` WHERE email=?"; if ($stmt = $dbl->prepare($query)){ $stmt->bind_param("s", $email); if($stmt->execute()){ $stmt->store_result(); $email_check= ""; $stmt->bind_result($email_check); $stmt->fetch(); if ($stmt->num_rows == 1){ echo "That Email already exists."; exit; } } }

Edit:

After testing your code, there is something you are not doing correctly here.

You need to "store" the results which was missing in your code.

http://www.php.net/manual/en/mysqli-stmt.store-result.php

Yet, let's try a slightly different approach and check if it does exist and echo that it does, and if not; show that it doesn't.

Sidenote: I used >= in if($row_cnt >= 1) should there be more than one matching. You can change it if you want.

$playername = "Syvered"; // This could also be case-sensitive. $stmt = mysqli_prepare($conn, "SELECT username FROM users WHERE username = ?"); mysqli_stmt_bind_param($stmt, "s", $playername); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); // Store the results which was missing. mysqli_stmt_bind_result($stmt, $dbusername); mysqli_stmt_fetch($stmt); $row_cnt = mysqli_stmt_num_rows($stmt); if($row_cnt >= 1) { $error = false; // Changed from true $errorid = "It exists."; echo $errorid; mysqli_stmt_close($stmt); } else{ echo "It does not exist."; }

You can revert back to the way you used the conditional, but remember to "store" the result.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

警告：mysqli_stmt_bind_param（）期望参数1是mysqli_stmt，给定布尔值？ [重复] php
2014-04-07 20:06

回答 2 已采纳 It seems that you have a missing parameter, you should have 13 parameters and 13 ? check the two p
“警告：mysqli_stmt_bind_param（）要求参数1为mysqli_stmt，布尔值在” android database php sql
2017-09-08 02:39

回答 1 已采纳 You have check for errors:- <?php //comment these two lines when code started working fine
是什么导致了这个错误？ mysqli_stmt :: bind_result（）： mysql php
2018-03-22 17:47

回答 1 已采纳 The question marks in your query are placeholders for values that you'll add later. The number of
PHP的mysqli_stmt_init()函数讲解
2021-01-20 08:19

`mysqli_stmt_init()` 的语法如下： ```php mysqli_stmt_init(mysqli $link) ``` 其中，`$link` 参数是已经建立的数据库连接对象。这个函数返回一个用于后续预处理操作的 `mysqli_stmt` 对象。如果连接失败，该函数...
mysqli :: prepare（）vs mysqli_stmt :: prepare（） php
2014-01-27 11:47

回答 3 已采纳 As we discuss it in the comments, it might be a wrong assignation in the if() block. What do I te
我可以从mysqli_stmt_bind_result获得结果而不通过它循环吗？ php
2015-11-27 20:41

回答 1 已采纳 Yes, when you're only expecting one row, and know that it will only return that one, to be returne
为什么mysqli_stmt_num_rows函数返回0？ mysql php sql
2018-02-11 17:31

回答 1 已采纳 The client has no idea how many rows are in the result until they are fetched. You can make the c
php mysqli_affected_rows,PHP mysqli_stmt_affected_rows() 函数用法及示例
2021-04-23 12:16

海v尔v前v员工的博客定义和用法mysqli_stmt_affected_rows()函数返回最近执行的语句影响(更改，删除，插入)的行数。只有在INSERT，UPDATE或DELETE语句之后调用此函数，该函数才能正常工作。如果您需要了解...
未捕获的错误：调用未定义的方法mysqli_stmt :: get_result（）in php
2019-03-27 03:17

回答 1 已采纳 bind result So if the MySQL Native Driver (mysqlnd) driver is not available, and therefore using
mysqli_stmt :: bind_result（）：绑定变量数与预准备语句中的字段数不匹配 mysql php
2013-12-18 09:20

回答 2 已采纳 If that really is your code, it may be that either $_POST["name"] or $_POST["password"] is an arra
你如何使用mysqli_stmt_fetch（）[关闭]获取id php
2016-05-24 02:10

回答 1 已采纳 instead using $rows[] = $col1 why don you change it to $col1 only? remove the $rows[] change
mysql stmt语法_mysqli_stmt_fetch
2021-02-07 12:51

洪嘉君的博客 functionfetch_assoc_stmt(\mysqli_stmt $stmt,$buffer=true) { if ($buffer) {$stmt->store_result(); }$fields=$stmt->result_metadata()->fetch_fields();$args= array(); foreach($fieldsAS$field) {$key=...
mysql_stmt含义,警告::无效的对象或资源mysqli_stmt。含义和解决方案是什么？
2021-02-07 11:45

weixin_39669202的博客 The following code is throwing the mysterious Warnings. I can't understand what they mean. What do these errors indicate and how to eradicate them?...$q = mysqli_stmt_init($dbconn);$qu...
php mysql execute_PHP mysqli_stmt_execute MySQLi 函数
2021-01-28 11:52

weixin_39900676的博客定义和用法mysqli_stmt_execute- 执行准备好的查询版本支持PHP4PHP5PHP7不支持支持支持语法mysqli_stmt_execute(mysqli_stmt$stmt)执行以前使用mysqli_prepare()函数准备的查询。执行后，任何存在的参数标记将自动...
mysql_stmt_result_metadata使用_PHP mysqli_stmt_result_metadata() 函数用法及示例
2021-01-19 16:16

月塔的博客定义和用法mysqli_stmt_result_metadata()函数接受预准备语句对象作为参数，如果给定语句执行SELECT查询(或任何其他返回结果集的查询)，则它(此函数)返回一个元数据对象，该对象保存有关给定语句结...
为什么要使用mysql的stmt_使用mysqli_stmt类
2021-01-20 01:10

土拨鼠没有冬天的博客可以用mysqli扩展模式中提供的mysqli_stmt类的对象，去定义和执行参数化的SQL命令，mysqli_result类中包含的全部成员属性和成员方法如表13-6和表13-7所示。表13-6 mysqli_stmt类中的成员方法（共12个）成员方法名...
mysql bind variable_警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_pa...
2021-02-07 06:08

zhuyurrr的博客警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_param: Number of elements in type definition string doesn't match number of bind variables ...
PHP mysqli_stmt_bind_result MySQLi 函数
2019-10-24 09:27

蝴蝶教程的博客定义和用法 mysqli_stmt_bind_...mysqli_stmt_bind_result(mysqli_stmt $stmt,mixed&$var1[,mixed&$...]) 将结果集中的列绑定到变量。当调用mysqli_stmt_fetch()来获取数据时，MySQL客户端/服务器协议...
mysql预处理stmt_mysqli_stmt类：使用预处理语句处理SELECT查询结果
2021-01-28 08:42

牛臂的博客 SQL语句的执行也需要使用mysqli_stmt对象中的execute()方法，但与mysqli对象中的query()方法不同，execute()方法的返回值并不是一个mysqli_result对象。mysqli_stmt对象提供了一种更为精巧的办法来处理SELECT语句...
没有解决我的问题, 去提问

悬赏问题

¥15 如何让企业微信机器人实现消息汇总整合
¥50 关于#ui#的问题：做yolov8的ui界面出现的问题
¥15 如何用Python爬取各高校教师公开的教育和工作经历
¥15 TLE9879QXA40 电机驱动
¥20 对于工程问题的非线性数学模型进行线性化
¥15 Mirare PLUS 进行密钥认证？（详解）
¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
¥20 想用ollama做一个自己的AI数据库
¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
¥15 请问怎么才能复现这样的图呀

遇到问题mysqli_stmt（程序风格）

1条回答 默认 最新

悬赏问题

1条回答默认最新