mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

后端 未结 1 545
南笙
南笙 2021-01-28 23:34

I am They try to use mysqli :: bind_param unsuccessfully . In the code , below , the function login ( ) is called with a username and

1条回答
  •  后悔当初
    2021-01-29 00:00

    Modification is:

    $stmt->bind_param ( "ss", $user, $pass); because 1 data type is not defind in bind_param (). bind_param() will take two arguments 1st one is types (i, d, s, b) corresponding datatype in your query(?) and 2nd arg are values.

    Suggestion's are:

    1. Don't compare with ==, for empty string because if user enter's 3 white spaces it will not equal. use empty() for checking empty string or not.

    2. Don't call unnecessary methods, it does not have any meaning, for eg: in your code your calling trim() after md5(). md5() will not return any white space character. So calling trim(md5($username)) is meaning less.

    Try to replace your code with my code hope your problem is solved.

    public function login($_username, $_password) {
    $this->sessionOpen ();
    
     if (empty($_username)) {
        $this->log->error ( "Username vuoto" );
        throw new AuthLoginFailed ();
    }
    if (empty($_password)) {
        $this->log->error ( "Password vuota" );
        throw new AuthLoginFailed ();
    }
    
    $db = new mysqli ( $this->sql ['server'], $this->sql ['username'], $this->sql ['password'], $this->sql ['database'] );
    if (mysqli_connect_errno ()) {
        $this->log->error ( "Errore di connessione a mysql: " . mysqli_error ( $db ) );
        throw new MysqliConnectionError ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    
    $stmt = $db->prepare ( "SELECT id,org_id,org_group_id,people_id FROM users WHERE 'username' = ? AND 'password' = ?" );
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliPrepareException ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    echo md5 ( $_username ) . "---" . md5 ( $_password );
    //on page username and password is showed at this point
    $user=md5 ( $_username );
    $pass=md5 ( $_password );
    $stmt->bind_param ( "ss",  $user,$pass);
    /* Execute it */
    $stmt->execute ();
    if (! $stmt) {
        $this->log->error ( "Mysqli prepare error: " . mysqli_error ( $db ) );
        throw new MysqliExecuteException ( "Mysqli error: " . mysqli_error ( $db ) );
    }
    
    
    $stmt->fetch($rst);
    
    echo "results: " . $rst->num_rows; //output of this: results:
    
    if ($rst->num_rows == 0) {
        throw new AuthLoginFailed ();
    }
    
    
    
    /* Close statement */
    $stmt->close ();
    
    /* Close connection */
    $db->close ();
    }
    

    Let me know once your problem is solved.

    0 讨论(0)
提交回复
热议问题