I am trying to use mysqli::bind_param unsuccessfully. In the code below, the function login() is called with a username and

The modification is:

    $stmt->bind_param("ss", $user, $pass);

because the data type is not defined in bind_param(). bind_param() takes two arguments: the 1st one is the types (i, d, s, b) corresponding to the datatypes in your query (?), and the 2nd arg is the values.

Suggestions:

- Don't compare with == for an empty string, because if the user enters 3 white spaces it will not be equal. Use empty() for checking whether a string is empty or not.
- Don't call unnecessary methods; it does not have any meaning. E.g., in your code you're calling trim() after md5(). md5() will not return any whitespace character, so calling trim(md5($username)) is meaningless.

Try to replace your code with my code; hope your problem is solved.

    public function login($_username, $_password) {
        $this->sessionOpen();

        if (empty($_username)) {
            $this->log->error("Username vuoto");
            throw new AuthLoginFailed();
        }
        if (empty($_password)) {
            $this->log->error("Password vuota");
            throw new AuthLoginFailed();
        }

        $db = new mysqli($this->sql['server'], $this->sql['username'], $this->sql['password'], $this->sql['database']);
        if (mysqli_connect_errno()) {
            // Connection failures are reported by mysqli_connect_error(), not mysqli_error()
            $this->log->error("Errore di connessione a mysql: " . mysqli_connect_error());
            throw new MysqliConnectionError("Mysqli error: " . mysqli_connect_error());
        }

        // Column names are not single-quoted: 'username' = ? would compare
        // the string literal "username" with the bound value
        $stmt = $db->prepare("SELECT id,org_id,org_group_id,people_id FROM users WHERE username = ? AND password = ?");
        if (! $stmt) {
            $this->log->error("Mysqli prepare error: " . mysqli_error($db));
            throw new MysqliPrepareException("Mysqli error: " . mysqli_error($db));
        }

        echo md5($_username) . "---" . md5($_password);
        // on the page, the username and password are shown at this point

        // md5() is a fast, unsalted hash; password_hash() and password_verify()
        // are PHP's purpose-built functions for stored passwords
        $user = md5($_username);
        $pass = md5($_password);

        // "ss": one type character per placeholder, both strings
        $stmt->bind_param("ss", $user, $pass);

        /* Execute it; execute() returns false on failure */
        if (! $stmt->execute()) {
            $this->log->error("Mysqli execute error: " . $stmt->error);
            throw new MysqliExecuteException("Mysqli error: " . $stmt->error);
        }

        // Buffer the result set so that num_rows is populated
        $stmt->store_result();
        echo "results: " . $stmt->num_rows;
        if ($stmt->num_rows == 0) {
            throw new AuthLoginFailed();
        }

        /* Close statement */
        $stmt->close();
        /* Close connection */
        $db->close();
    }

Let me know once your problem is solved.
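
An added example, not part of the original answer: a small pre-flight check for two mistakes that make a prepared login query fail or silently match no rows, namely a types string that does not line up with the placeholders and values, and column names written in single quotes. The function name lintBind, the sample queries and the simplified quote scanner (backslash escapes assumed) are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical lint helper (not a mysqli function): lists problems in a
// prepared query and the arguments intended for bind_param().
function lintBind(string $sql, string $types, array $values): array
{
    $problems = [];
    // Count ? placeholders outside quoted literals and identifiers.
    $placeholders = 0;
    $quote = null;
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        $c = $sql[$i];
        if ($quote !== null) {
            if ($c === '\\' && $quote !== '`') {
                $i++;               // skip the escaped character
            } elseif ($c === $quote) {
                $quote = null;      // closing quote
            }
        } elseif ($c === "'" || $c === '"' || $c === '`') {
            $quote = $c;
        } elseif ($c === '?') {
            $placeholders++;
        }
    }
    // The types string holds one of i, d, s, b per bound value.
    if (preg_match('/^[idsb]*\z/', $types) !== 1) {
        $problems[] = "types '$types' has characters other than i, d, s, b";
    }
    if (strlen($types) !== count($values) || strlen($types) !== $placeholders) {
        $problems[] = sprintf('%d placeholder(s), %d type(s), %d value(s)',
            $placeholders, strlen($types), count($values));
    }
    // A single-quoted name compared with ? is a string literal, not a column.
    if (preg_match_all("/'(\\w+)'\\s*=\\s*\\?/", $sql, $m)) {
        foreach ($m[1] as $name) {
            $problems[] = "'$name' is a string literal; write $name or `$name`";
        }
    }
    return $problems;
}

// Constructed sample inputs.
$quoted = "SELECT id FROM users WHERE 'username' = ? AND 'password' = ?";
$plain  = "SELECT id FROM users WHERE username = ? AND password = ?";
print_r(lintBind($quoted, 'ss', ['u', 'p']));     // quoted column names
print_r(lintBind($plain, 'alice', ['secret']));   // types string omitted
print_r(lintBind($plain, 'ss', ['u', 'p']));      // correct call
```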