准备的会议声明 [英] Prepared Statement for sessions

查看:52
本文介绍了准备的会议声明的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我终于决定开始使用准备好的语句.虽然,我对正确与否的判断是50/50.我正在尝试使用准备好的语句创建登录页面.不过,似乎除了用户名$_SESSION

之外,它没有检索任何会话值.

这是我的代码:

$username = $_POST['username'];
        $password = md5($_POST['password']);

        $sql = "SELECT * FROM users WHERE BINARY username=? AND BINARY password=?";
            if($stmt = $db->prepare($sql)){
                $stmt->bind_param("ss",$username,$password);
                $stmt->execute();
                $result = $stmt->get_result();
                $num_rows = $result->num_rows;

                if($num_rows >= 1){

                    $_SESSION['loggedin'] = $username;
                    $_SESSION['country'] = $num_rows['country'];
                    $_SESSION['email'] = $num_rows['email'];
                    $_SESSION['avatar'] = $num_rows['u_avatar'];
                    $_SESSION['is_gm'] = $num_rows['is_gm'];
                    $_SESSION['user_lvl'] = $num_rows['user_lvl'];
                    $_SESSION['totalposts'] = $num_rows['post_total'];
                    $_SESSION['totalcoins'] = $num_rows['coins_total'];
                    $_SESSION['totalvotes'] = $num_rows['vote_total'];
                    $_SESSION['secquest'] = $num_rows['sec_quest'];
                    $_SESSION['secanswer'] = $num_rows['sec_answer'];
                    $_SESSION['join_date'] = $num_rows['join_date'];

                    header("Location: /index.php");
                    exit();

                } else {
                    echo "<p class='error_msg'>No accounts could be found with the given credentials.</p>";
                }

                $stmt->free_result();
                $stmt->close();
                $db->close();
            }

解决方案

像上面的注释一样,在使用->get_result()之后,该获取时间了:

$stmt->execute();
$result = $stmt->get_result();
$num_rows = $result->num_rows;

if($num_rows >= 1) {
    $row = $result->fetch_assoc(); // fetch it first
    $_SESSION['loggedin'] = $username;
    $_SESSION['country'] = $row['country'];
    $_SESSION['email'] = $row['email'];
    $_SESSION['avatar'] = $row['u_avatar'];
    $_SESSION['is_gm'] = $row['is_gm'];
    $_SESSION['user_lvl'] = $row['user_lvl'];
    $_SESSION['totalposts'] = $row['post_total'];
    $_SESSION['totalcoins'] = $row['coins_total'];
    $_SESSION['totalvotes'] = $row['vote_total'];
    $_SESSION['secquest'] = $row['sec_quest'];
    $_SESSION['secanswer'] = $row['sec_answer'];
    $_SESSION['join_date'] = $row['join_date'];

    header('Location: /index.php');
    exit();
}

使用$num_rows['join_date']没有意义,因为您已经知道这会产生实际的行数,但其中不包含您想要的那些值.您已经检查了它是否包含数字if($num_rows >= 1) {

旁注:是时候放弃md5并开始使用 password_hash + password_verify 组合了. /p>

I've finally decided to start using prepared statements. Though, i am 50/50 on whats correct and not. I'm trying to make a login page with the prepared statements. Though, it seems like it doesn't retrieve any session value except the username $_SESSION

Here's my code:

$username = $_POST['username'];
        $password = md5($_POST['password']);

        $sql = "SELECT * FROM users WHERE BINARY username=? AND BINARY password=?";
            if($stmt = $db->prepare($sql)){
                $stmt->bind_param("ss",$username,$password);
                $stmt->execute();
                $result = $stmt->get_result();
                $num_rows = $result->num_rows;

                if($num_rows >= 1){

                    $_SESSION['loggedin'] = $username;
                    $_SESSION['country'] = $num_rows['country'];
                    $_SESSION['email'] = $num_rows['email'];
                    $_SESSION['avatar'] = $num_rows['u_avatar'];
                    $_SESSION['is_gm'] = $num_rows['is_gm'];
                    $_SESSION['user_lvl'] = $num_rows['user_lvl'];
                    $_SESSION['totalposts'] = $num_rows['post_total'];
                    $_SESSION['totalcoins'] = $num_rows['coins_total'];
                    $_SESSION['totalvotes'] = $num_rows['vote_total'];
                    $_SESSION['secquest'] = $num_rows['sec_quest'];
                    $_SESSION['secanswer'] = $num_rows['sec_answer'];
                    $_SESSION['join_date'] = $num_rows['join_date'];

                    header("Location: /index.php");
                    exit();

                } else {
                    echo "<p class='error_msg'>No accounts could be found with the given credentials.</p>";
                }

                $stmt->free_result();
                $stmt->close();
                $db->close();
            }

解决方案

Like the comments above, after you have used ->get_result(), then its time to fetch:

$stmt->execute();
$result = $stmt->get_result();
$num_rows = $result->num_rows;

if($num_rows >= 1) {
    $row = $result->fetch_assoc(); // fetch it first
    $_SESSION['loggedin'] = $username;
    $_SESSION['country'] = $row['country'];
    $_SESSION['email'] = $row['email'];
    $_SESSION['avatar'] = $row['u_avatar'];
    $_SESSION['is_gm'] = $row['is_gm'];
    $_SESSION['user_lvl'] = $row['user_lvl'];
    $_SESSION['totalposts'] = $row['post_total'];
    $_SESSION['totalcoins'] = $row['coins_total'];
    $_SESSION['totalvotes'] = $row['vote_total'];
    $_SESSION['secquest'] = $row['sec_quest'];
    $_SESSION['secanswer'] = $row['sec_answer'];
    $_SESSION['join_date'] = $row['join_date'];

    header('Location: /index.php');
    exit();
}

It doesn't make sense to use $num_rows['join_date'], as you already know this yields the actual number of rows, it doesn't contain those values that you want. You already checked for it to contain a number if($num_rows >= 1) {

Sidenote: It's time to ditch that md5 and start using password_hash + password_verify combo.

这篇关于准备的会议声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆