PHP MYSQLI准备语句登录并检查用户状态 [英] PHP MYSQLI prepared statements login and check the user status
问题描述
我正在学习制作一些基于mysqli的视频教程的网站.我知道使用准备好的语句更安全,并且我正在尝试创建一个登录系统.这是我到目前为止所做的.
I am learning to make website with some video tutorials based on mysqli. I came to know that using prepared statements are more secure and I am trying to create a login system. Here is what I have done so far.
此代码可帮助我完全登录成功.
This code helps me login success fully.
<form action ="" method="post">
User Name:<br/>
<input type='text' name='username' />
<br/><br/>
Password:<br/>
<input type='password' name='password' />
<br/><br/>
<input type='submit' name='submit' value='login'>
</form>
<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
while($stmt->fetch()) //fetching the contents of the row
{$_SESSION['Logged'] = 1;
$_SESSION['username'] = $username;
echo 'Success!';
exit();
}
}
else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->close();
}
else
{
}
$con->close();
?>
但是我还需要检查用户是否尚未激活或已被禁止或停用.所以我做了另一个代码.
But I also need to check if the user have not activated or have been banned or deactivated. So I made another code.
这是我编写的代码
<?php
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$stmt = $con->prepare("SELECT username, password FROM users WHERE username=? AND password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($username, $password);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
$result=$con->query($stmt);
$row=$result->fetch_array(MYSQLI_ASSOC);
$user_id= $row['user_id'];
$status = $row['status'];
if($status=='d'){
echo "YOUR account has been DEACTIVATED.";
}else{
$_SESSION['Logged'] = 1;
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
echo 'Success!';
exit();
}
}
else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->free_result();
$stmt->close();
}
else
{
}
$con->close();
?>
使用此工具时,出现以下错误
When I use this I get the following errors
警告:mysqli :: query()期望参数1为字符串,第33行的F:\ XAMPP \ htdocs \ login \ login.php中给出的对象
Warning: mysqli::query() expects parameter 1 to be string, object given in F:\XAMPP\htdocs\login\login.php on line 33
致命错误:在第34行的F:\ XAMPP \ htdocs \ login \ login.php中的非对象上调用成员函数fetch_array()
Fatal error: Call to a member function fetch_array() on a non-object in F:\XAMPP\htdocs\login\login.php on line 34
我有数据库表列
user_id, 用户名, 密码(md5), user_level, 状态.
user_id, username, password (md5), user_level, status.
在user_level下,我有以下内容
Under user_level I have the following
a = admin
m = member
状态
a = activated
n = not activated
d = deactivated
b = banned
登录时,我需要检查用户状态以及是否已激活(应将其移动到索引页),或者如果它是d,则应显示该用户已被停用,对于其他用户也是如此.
While logging in I need to check if the user status and if it is activated it should move to index page or if it is d it should show the user has been deactivated and likewise for others.
如何在准备好的语句中做到这一点?
How to do it in prepared statements?
我在所有页面中都有这个connect.php
And I have this connect.php in all page
?php
//error_reporting(0);
'session_start';
$con = new mysqli('localhost', 'username', 'password', 'database');
if($con->connect_errno > 0){
die('Sorry, We\'re experiencing some connection problems.');
}
?>
推荐答案
我认为您需要研究mysqli_的工作方式.这应该使您朝着正确的方向前进.
I think you need to take a look into how mysqli_ works. This should get you in the right direction.
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = md5($_POST['password']);
$user_id = 0;
$status = ""
$stmt = $con->prepare("SELECT user_id, username, password, status FROM users WHERE username=? AND password=? LIMIT 1");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$stmt->bind_result($user_id, $username, $password, $status);
$stmt->store_result();
if($stmt->num_rows == 1) //To check if the row exists
{
if($stmt->fetch()) //fetching the contents of the row
{
if ($status == 'd') {
echo "YOUR account has been DEACTIVATED.";
exit();
} else {
$_SESSION['Logged'] = 1;
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
echo 'Success!';
exit();
}
}
}
else {
echo "INVALID USERNAME/PASSWORD Combination!";
}
$stmt->close();
}
else
{
}
$con->close();
这篇关于PHP MYSQLI准备语句登录并检查用户状态的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!